Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#1226 closed defect (no response)

Replace NTP with in-network time synch

Reported by: dg
Owned by:
Priority: minor
Milestone: 0.9.21
Component: router/general
Version: 0.9.11
Keywords:
Cc:
Parent Tickets:
Sensitive: no


NTP is insecure, vulnerable to MITM, could be used for fingerprinting users and runs over the clearnet. This is not acceptable in some situations. Some have created alternatives (see tlsdate) that can be torified/anonymized.

Could we have an in-network, anonymous NTP/time synch solution? Would it work with the latency?



Change History (4)

comment:1 Changed 7 years ago by zzz

Component: unspecified → router/general

We do use in-net timestamps for time syncing (and also from the HTTP headers while reseeding). But we still use NTP also.

I'm worried that if we disabled NTP for all, the whole net could drift off or become unstable.

I don't think the risks of NTP are significant. tlsdate is only marginally better? And less robust?

Please supply more justification for your proposal.

comment:2 Changed 6 years ago by zzz

Status: new → infoneeded_new

comment:3 Changed 6 years ago by dg

Resolution: no response
Status: infoneeded_new → closed

Closing for now. After reconsideration, I don't think this is important.

comment:4 Changed 6 years ago by DjJeshk

Non-NTP time synchronization should be needed if NTP server hostnames do not resolve. A lot of issues appeared when my network DNS server went down. This issue should not be forgotten if for some reason DNS server lookup should be avoided completely.
