[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Options for DHCPv6

Danny Mayer mayer at ntp.org
Sun Nov 25 04:06:28 GMT 2007 

Ted Lemon wrote:
> On Nov 24, 2007, at 8:15 PM, Danny Mayer wrote:
>> Would this satisfy both sides?
> 
> This is sort of like when a spendthrift congresscritter says "look, we
> want to take half of that national park for oil exploration, but you've
> objected that visitors to the park won't want to look at the oil
> derricks, so let's compromise: we'll take the *whole* park.   That
> satisfies our needs, and satisfies your objection as well.
> 

Let's stop being silly about this shall we? NTP servers have a real
problem and we want to be sure that proposals don't make the situation
worse.

> There is simply no need for the kind of complexity you're proposing.

Of course there is. There have been enough DDOS attacks on NTP servers
that we need to consider all of the ways that easy propogation of
targets don't work. Just remember that DNSSEC took over 10 years to
develop and is still in the starting stages of being rolled out.

> The reason why DHCP is such a success is because it's a great place to
> put your client configuration control information.   It works.   Network
> administrators keep it up to date.   Clients refresh their
> configurations periodically.

That's nice. But let's make sure that it doesn't cause problems when you
do that.

>   The problem you're afraid will happen is
> not going to happen.

You're too late. It already has. We are already in the situation that we
need to take defensive measures against existing errant NTP clients.

> Please stop trying to create additional complexity to deal with a
> problem that's not going to happen.   The whole point of DHCP is to
> PREVENT the kind of problem you're worried about.   You don't need to
> complexify it to accomplish your goals - it already accomplishes them!

The minimal complexity suggested is necessary since DHCP will do
*nothing* to prevent the kind of problem that I'm worried about. To the
contrary it will most likely *cause* the problem. You don't see the
problem, we have to live with it.


Danny

More information about the ntpwg mailing list