Hi, sorry for thread necromancy...

On Wed, Apr 08, 2020 at 10:42:09AM +0200, Miroslav Lichvar wrote:
> What I meant, if someone for example had at home a stratum 1 server
> (e.g. synchronized to GPS) and they trusted everything and everyone in
> their local network, it would make sense to still use the server
> (without NTS) in addition to any external time servers authenticated
> by NTS.
>
> The question is if we need to change the default value of the PEERNTP
> option. There could be a new default which adds the servers provided
> by DHCP only if chronyd is not using any servers with enabled
> authentication.

Aside: the PEERNTP option seems to be very weakly documented. After some searching I found [1, 2] and [3]. Some up-to-date documentation would be necessary if users are expected to configure this.

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/s1-understanding_the_ntpd_configuration_file
[2] https://docs.fedoraproject.org/en-US/Fedora/26/html/System_Administrators_Guide/s1-Understanding_the_ntpd_Configuration_File.html
[3] https://bugzilla.redhat.com/show_bug.cgi?id=809367

It sounds like PEERNTP should be a per-interface setting. If I'm connecting to a trusted network or VPN, I might want to use and trust the provided NTP servers. If connecting to a public network, don't trust them and use NTS to verify servers.

Also, what software supports /etc/sysconfig/network? I think we currently have initscripts-network, NetworkManager, systemd-networkd in Fedora.

From the original proposal:
> Computers with no RTC (e.g. some ARM boards), or RTC that is too far
> from the real time, will fail to verify TLS certificates.

Making NTP not work on boards without RTC could impact a large number of such users, and also those who have flaky RTCs. Right now they can simply use NTP to update the clock after boot, and with this proposal that'd be broken...
In my experience, bug reports that stem from a broken RTC are somewhat frequent (e.g. journalctl doesn't handle the case of a jumping clock very well, and we get reports about this fairly regularly). So I think handling the no-RTC case gracefully would be a requirement to make NTS enabled by default.

> An option could be added to disable the time checks before the
> first update of the clock. This would have an impact on security.

... how would that look? It'd need support in chrony itself, right? Would upstream accept such code?

Zbyszek
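The setup Miroslav describes (NTS-authenticated external servers plus a trusted, unauthenticated local stratum-1, with DHCP-provided servers gated by PEERNTP) and the no-RTC failure mode discussed above, written out as a chrony.conf fragment. This is an added example, not text from this thread and not the chrony project's or Fedora's own configuration. It assumes chrony 4.0 or later (NTS, sourcedir, authselectmode and nocerttimecheck are all 4.0 directives); the host names are placeholders, and the statement about where Fedora's DHCP hook writes its sources is an assumption about the packaging that should be checked against the installed dispatcher script.

```conf
# Added example chrony.conf fragment (not from the thread, chrony or Fedora).
# Assumes chrony >= 4.0. Host names below are placeholders.

# External servers authenticated with NTS. The key exchange (NTS-KE) is a
# TLS handshake on port 4460, which is where the certificate time checks
# discussed in the thread happen.
server time.cloudflare.com iburst nts
server nts.example.org     iburst nts

# Home stratum-1 (GPS-disciplined) on the LAN. No NTS, so nothing
# authenticates it; it is listed only because the local network is trusted.
server gps.lan iburst

# Servers learned from DHCP. Assumption about Fedora packaging: the
# NetworkManager dispatcher script writes one *.sources file per interface
# into this directory and skips that when PEERNTP=no is set in
# /etc/sysconfig/network. Verify against the installed hook.
sourcedir /run/chrony-dhcp

# Controls how the unauthenticated sources (gps.lan, anything from DHCP)
# compete with the NTS ones. 'prefer' ignores unauthenticated sources while
# any authenticated source is selectable, 'require' never selects them, and
# 'mix' lets them compete on measured quality alone. Stated explicitly
# rather than relying on the compiled-in default.
authselectmode prefer

# Keep NTS cookies and keys across restarts, so a reboot can authenticate
# packets with cached cookies instead of needing a fresh NTS-KE handshake
# before the clock is corrected.
ntsdumpdir /var/lib/chrony

# The no-RTC case from the thread: a board that boots at the epoch sees
# every server certificate as not-yet-valid, NTS-KE fails, and the clock is
# never corrected. nocerttimecheck skips the certificate validity-period
# check for the first N clock updates. This is the option Miroslav is
# alluding to, and it weakens NTS for exactly that window (an expired or
# not-yet-valid certificate is accepted once), so it belongs only on hosts
# without a usable RTC. Leave it commented out everywhere else.
#nocerttimecheck 1
```

The three knobs interact: with `authselectmode prefer`, the DHCP and LAN servers only matter while no NTS server is selectable, which is close to the new PEERNTP default proposed in the quoted message but enforced at selection time rather than at configuration time; `ntsdumpdir` reduces how often the no-RTC host has to rely on `nocerttimecheck`, since a cached cookie lets chronyd authenticate NTP replies and step the clock before it has to perform a new TLS handshake.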