On 23-11-09 18:57, der Mouse wrote:
>> Remember that there's absolutely no mitigation we can do when someone
>> turns out not to.
> 
> That's not quite true, actually.  If the misbehaviour is egregious
> enough for individual pool hosts to notice it in isolation, they can
> act against it in isolation.

No, there's nothing we can do (talking about vendors in this thread).

With vendors you have to consider millions of identically configured devices.
We won't notice they are bad as long as "only" a few thousand are
operational (as you described). But, as their product becomes more
successful (i.e. millions in operation), we end up with overflows in our
block lists (DDOS attack).
    I don't know about my system, but a block list with 100.000 entries
might push it to some limits. Vendor success is usually also geographically
concentrated, for example when a major local ISP decides to ship it to all
customers. So, with the current geographic DNS you bring servers in that
region into trouble.

With vendors, and especially hardware, you also have to consider that the
vendor cannot reach the buyers and that the buyers usually do not upgrade or
touch their system (as long as they keep working with regard to their main
function, which is not time keeping). So, any accidental problem will remain
a problem for a long time.
    You don't want to shut down pool.ntp.org and move to a subdomain with
all well behaving clients. You want to shut down that one vendor only (and
introduce 'vendor2' for their upgraded devices).

Arnold

_______________________________________________
timekeepers mailing list
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers