Robie Basak said:
>
> I'm seeking just to make default what people already use. My goal is to
> make the time correct on Ubuntu server systems by default. Currently I'm
> of the opinion that the daemon used doesn't really matter; all options
> are by far good enough in standard use cases, and users of obscure use
> cases have the option of switching to another.
>
> I'm prepared to have my opinion swayed by evidence, but in the absence
> of any evidence to the contrary, I'm not prepared to put effort into
> picking some other solution and making it the default for no good
> reason.

ntp has a lot of institutional momentum and it's great at keeping the clocks right, but in terms of security it has serious problems. I for one have to break the habit of just apt-get install ntp, edit ntp.conf and I'm done...

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687166

ntp in the default configuration usually means no encryption or authentication and is vulnerable to man in the middle attacks. And if one does set up encryption and/or authentication, it isn’t very secure.

http://zero-entropy.de/autokey_analysis.pdf

Summary: “using a TLS IP tunnel is recommended as a transitional solution.”

A couple of other possible solutions I haven’t seen mentioned in this thread:

tlsdate is packaged in Debian and developed by Jacob Appelbaum of the Tor project.
https://github.com/ioerror/tlsdate

htpdate used by Tails.
https://tails.boum.org/contribute/design/Time_syncing/
Note it is a rewrite/fork of the unmaintained htpdate package that is currently in Debian.

Chuck
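
An added example, not part of the original message or of any project named in it: a short Python audit that reads an ntp.conf and classifies each time source as unauthenticated, Autokey, or symmetric-key, which makes the "install, edit ntp.conf, done" case above visible. The sample configuration, hostnames, key ids, status labels and the function name `audit_ntp_conf` are constructed for illustration.

```python
SOURCE_DIRECTIVES = {"server", "pool", "peer"}

# Constructed sample ntp.conf; hostnames and key ids are placeholders.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/ntp.drift
keys /etc/ntp/keys
trustedkey 1 2
server ntp1.example.net iburst
server ntp2.example.net key 2 iburst
server ntp3.example.net key 7
server ntp4.example.net autokey
pool pool.example.net iburst
"""

def audit_ntp_conf(text):
    """Return a list of (directive, host, status) for every time source."""
    trusted, sources, has_keys_file = set(), [], False
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive == "keys" and args:
            has_keys_file = True
        elif directive == "trustedkey":
            # Plain numeric ids only; range syntax is not handled here.
            trusted.update(a for a in args if a.isdigit())
        elif directive in SOURCE_DIRECTIVES and args:
            sources.append((directive, args[0], args[1:]))
    findings = []
    # Classify after the whole file is read: trustedkey may follow server lines.
    for directive, host, opts in sources:
        if "autokey" in opts:
            status = "autokey"                   # scheme covered by the cited analysis
        elif "key" in opts[:-1]:
            key_id = opts[opts.index("key") + 1]
            if not has_keys_file:
                status = "key-without-keys-file"
            elif key_id not in trusted:
                status = "key-not-trusted"
            else:
                status = "symmetric-key"
        else:
            status = "unauthenticated"           # the default-install case
        findings.append((directive, host, status))
    return findings

if __name__ == "__main__":
    for directive, host, status in audit_ntp_conf(SAMPLE_CONF):
        print(f"{status:22} {directive} {host}")
```
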
