Public bug reported: Ubuntu shall be secure by default, therefore utilize Network Time Security (NTS), as time is the trust anchor for many cryptography related processes (e.g. certificates).
NTS was previously enabled in chrony (LP: #2084585) and comes pre- installed in certain Ubuntu cloud images. Still, in Ubuntu Desktop/Server and other generic Ubuntu images we rely on systemd- timesyncd (without support for NTS [1]). This leads to a situation where we have to maintain two time-daemons in "main", while still not using NTS on most systems. [1] https://github.com/systemd/systemd/issues/9481 References: spec-FO207, SD-2171, chrony MIR (LP: #1744072) ** Affects: ubuntu Importance: Undecided Status: New ** Affects: chrony (Ubuntu) Importance: Undecided Status: New ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Also affects: chrony (Ubuntu) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu) Importance: Undecided Status: New ** Description changed: Ubuntu shall be secure by default, therefore utilize Network Time Security (NTS), as time is the trust anchor for many cryptography related processes (e.g. certificates). NTS was previously enabled in chrony (LP: #2084585) and comes pre- installed in certain Ubuntu cloud images. Still, in Ubuntu Desktop/Server and other generic Ubuntu images we rely on systemd- timesyncd (without support for NTS [1]). This leads to a situation where we have to maintain two time-daemons in "main", while still not using NTS on most systems. + [1] https://github.com/systemd/systemd/issues/9481 - [1] https://github.com/systemd/systemd/issues/9481 + References: spec-FO207, SD-2171 ** Description changed: Ubuntu shall be secure by default, therefore utilize Network Time Security (NTS), as time is the trust anchor for many cryptography related processes (e.g. certificates). NTS was previously enabled in chrony (LP: #2084585) and comes pre- installed in certain Ubuntu cloud images. Still, in Ubuntu Desktop/Server and other generic Ubuntu images we rely on systemd- timesyncd (without support for NTS [1]). This leads to a situation where we have to maintain two time-daemons in "main", while still not using NTS on most systems. [1] https://github.com/systemd/systemd/issues/9481 - References: spec-FO207, SD-2171 + References: spec-FO207, SD-2171, chrony MIR (LP: #1744072) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2111342 Title: Install time-daemon with NTS support by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2111342/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
