Aaron Jones transcribed 3.1K bytes:
> On 12/05/18 19:29, Axel Neumann wrote:
> > You want WG to secure your network. So the suggestion can not be to open
> > your network for a pretty insecure daemon in order to get WG working.
> > This would essentially allow attackers to fake the ntp server and then
> > block WG forever.
> 
> Someone in a position to fake NTP (which needs bidirectional
> communication) is already in a position to block WG forever (by simply
> refusing to forward its packets).
> 
> Additionally, there are a few very well-designed and secure NTP daemons
> out there (such as OpenNTPd).
> 

Using NTP is not a viable solution for a distributed mesh network. What
if the Internet is only accessible via WG, or what if the network is not
connected to the Internet at all? It's not a trivial problem, but I
think it would be beneficial to WireGuard as a project to not depend on
a centralized time authority *if there is an option not to*.

-Devan

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
