[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) OptionsforDHCPv6
TS Glassey
tglassey at earthlink.net
Mon Nov 26 02:54:08 GMT 2007
Ted :-)
----- Original Message -----
From: "Ted Lemon" <mellon at fugue.com>
To: "TS Glassey" <tglassey at earthlink.net>
Cc: <ntpwg at lists.ntp.org>; <dhcwg at ietf.org>; "Mark Andrews"
<Mark_Andrews at isc.org>; "Richard Gayraud (rgayraud)" <rgayraud at cisco.com>
Sent: Sunday, November 25, 2007 6:43 PM
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP)
OptionsforDHCPv6
> On Nov 25, 2007, at 8:32 PM, TS Glassey wrote:
>> Which makes the Network Administrator liable for screw-up's and the
>> damages
>> therein... Sorry this one is a no-sale IMHO.
>
> Why? Network administrators are already responsible for all the other
> fields in the DHCP server - why is the NTP server address special?
>
Ted there are issues with the Old-School methods and if you believe that
they are the right way to operate your network nothing I can say from either
someone who has written subpicosecond event capture code as well as auditing
profiles for securing and making the evidence believable.
So lets just agree to disagree about this. The addition of NTP servers in
this instance opens more liabilities than it solves problems for whether
anyone likes that or not. Sorry, but your neat fix here opens new security
issues and allows NTP servers to become also impacted by DHCP security
issues.
Sorry but reality is what it is, and adding this support to DHCP opens more
problems than it solves.
Todd
More information about the ntpwg
mailing list