timedatex replacing systemd-timedated for NTP packages
mlichvar at redhat.com
Wed Nov 26 09:09:06 UTC 2014
On Tue, Nov 25, 2014 at 02:35:12PM -0700, Chris Murphy wrote:
> On Tue, Nov 25, 2014 at 10:51 AM, Florian Weimer <fweimer at redhat.com> wrote:
> > Some networks have bad NTP service in the sense that they hand out incorrect
> > time (not just off by a few seconds, but days or months, enough to skew
> > certificate validity).
> I'm not sure what we're supposed to do about such sabotage on the
> network, that seems distinctly a local issue. We should do the best we
> can right now, while providing a manual switch for the user to alter
> the default.
> It used to be the case that we used these servers:
We still do. Unless the number of bad servers added from DHCP is large
enough to disrupt the NTP source selection algorithm or the pool
servers are not reachable (NTP traffic blocked), it shouldn't be a big
problem. Of course, without authentication this can't reliably protect
against MITM attacks.
> > Now if Fedora offered a high-availability cryptographic time service (we
> > actually do, sort of), things might be different—but not much, because then
> > we'd be having a discussion about phoning home instead.
> The pool still exists. Are we not supposed to use them?
I think Florian meant getting time over HTTPS from a Fedora server.
The tlsdate program could be used for that. I'm not sure what
resources would be needed to allow this to be enabled by default. The
NTP Autokey protocol would probably be more efficient (and accurate), but
unfortunately it doesn't work behind NAT.
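To illustrate the point above about how many bad DHCP-supplied servers it takes to disrupt source selection, here is an added example (not code from this thread, chrony or ntpd): a simplified Marzullo-style interval intersection in the spirit of RFC 5905's clock selection, run over constructed pool and DHCP sources. The offsets, root distances and server names are made up for the demonstration.

```python
# Simplified clock selection: each source claims the true offset lies in
# [offset - root_distance, offset + root_distance]; the sources whose
# intervals overlap in the largest group win, if that group is a majority.
# This is a teaching model, not the selection code of chrony or ntpd.

def select_truechimers(sources):
    """sources: list of (name, offset_s, root_distance_s).
    Returns the majority cluster of sources, or [] if no majority overlaps."""
    if not sources:
        return []
    edges = []
    for _, off, dist in sources:
        edges.append((off - dist, 1))    # interval start: count goes up
        edges.append((off + dist, -1))   # interval end: count goes down
    # At equal positions process starts before ends (touching = overlap)
    edges.sort(key=lambda e: (e[0], -e[1]))
    best, count, lo, hi = 0, 0, None, None
    for i, (pos, kind) in enumerate(edges):
        count += kind
        if count > best:           # never true on the final (end) edge
            best, lo, hi = count, pos, edges[i + 1][0]
    majority = len(sources) // 2 + 1
    if best < majority:
        return []                  # no majority agrees: refuse to pick
    return [s for s in sources if s[1] - s[2] <= hi and s[1] + s[2] >= lo]

def estimate_offset(sources):
    """Mean offset of the selected cluster, or None when selection fails."""
    chosen = select_truechimers(sources)
    if not chosen:
        return None
    return sum(s[1] for s in chosen) / len(chosen)

# Constructed sample: four pool servers within tens of ms of each other
POOL = [("pool-a", 0.002, 0.030), ("pool-b", -0.001, 0.025),
        ("pool-c", 0.004, 0.040), ("pool-d", 0.000, 0.020)]

def bad_dhcp(n):
    """Constructed: n DHCP-advertised servers all about a month fast."""
    return [("dhcp-%d" % i, 30 * 86400 + i * 0.001, 0.050) for i in range(n)]

if __name__ == "__main__":
    for n in (2, 4, 5):
        print(n, "bad servers ->", estimate_offset(POOL + bad_dhcp(n)))
```

With two bad servers the pool cluster wins, with four the 4-vs-4 split leaves no majority and selection fails closed, and with five the bad cluster is chosen, which is the failure mode the message describes.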