Re: NIST NTP servers

[Jared Mauch <jared () puck nether net>]

> On May 10, 2016, at 4:40 PM, Gary E. Miller <gem () rellim com> wrote:
>
> Yo Jared!

Yo, Gary!

> On Tue, 10 May 2016 16:29:26 -0400
> Jared Mauch <jared () puck nether net> wrote:
>
> > If you’re using Redhat based systems consider using chrony 
> > instead, even the new beta fedora 24 uses 4.2.6 derived code
> > vs 4.2.8
>
> Or, new but under heavy development: NTPsec : https://www.ntpsec.org/
>
> It is a fork of classic NTPD, but was not vulnerable to most of the 
> recent NTPD CVEs.


Yeah, there are some issues here in how the NTP community has implemented
solutions without discussing with each other through the community splits.

The NTPWG at IETF has been in a bit of stasis for years now because the
various aspects of how it works, and those who present sometimes don’t
output in the most organized fashion requiring a lot of effort on the
receiver.

There’s also a very narrow universe of people who actually care about the
implementations and details, with people like Majdi, Harlan and Miroslav
understanding the needs more than I’ve seen anyone from the ntpsec/cisco
funded side grasp the nuances of.

As a general statement, we are well served by having diverse and robust
implementations, but as we’ve seen in the (mostly) router space that NANOG
community cares about.. there are far more BGP implementations than NTP.

This isn’t good if the community wants to move to a model of certificate based
routing and the dependent infrastructure is weak.

I would suggest moving parts of this discussion to either the NTP Pool or the
NTPWG mailing lists.

- jared