FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

Christian Weisgerber naddy at mips.inka.de
Sat Apr 30 13:45:09 UTC 2016


On 2016-04-29, "Matthew X. Economou" <xenophon at irtnog.org> wrote:

>> What are the reasons FreeBSD has not deprecated ntpd in favor of
>> openntpd?
>
> While I cannot speak for anyone other than myself, the two simply aren't
> equivalent.

OpenNTPD is intended to cover the most common usage scenarios.

The single most common use of NTP is a client that simply gets the
time from a server or set of servers.  The second most common use
is a server that fetches the time from other servers and redistributes
it to a bunch of clients.  These two scenarios cover what, 99% of
all ntpd users?

(OpenNTPD also has support for reference clocks, but that code uses
OpenBSD's sensor framework and is not portable.)

> As a conscious design choice, OpenNTPD trades off accuracy
> for code simplicity.

There has been no such design choice.  OpenNTPD is simply accurate
enough in practice that the matter hasn't really come up.

Accuracy is a complete red herring if you are getting your time
from the Internet, where packet jitter is a few milliseconds anyway.

> It lacks support for NTP authentication, access controls,
> reference clocks, multicast/broadcast operation, or any kind of
> monitoring/reporting.

Only a tiny fraction of NTP users will use any of that.

-- 
Christian "naddy" Weisgerber                          naddy at mips.inka.de

