NIST NTP servers

Jared Mauch jared at
Tue May 10 20:51:25 UTC 2016

> On May 10, 2016, at 4:40 PM, Gary E. Miller <gem at> wrote:
> Yo Jared!

Yo, Gary!

> On Tue, 10 May 2016 16:29:26 -0400
> Jared Mauch <jared at> wrote:
>> If you’re using Redhat based systems consider using chrony 
>> instead, even the new beta fedora 24 uses 4.2.6 derived code
>> vs 4.2.8
> Or, new but under heavy development: NTPsec :
> It is a fork of classic NTPD, but was not vulnerable to most of the 
> recent NTPD CVEs.

Yeah, there are some issues here in how the NTP community has implemented
solutions without discussing with each other through the community splits.

The NTPWG at IETF has been in a bit of stasis for years now because the
various aspects of how it works, and those who present sometimes don’t
output in the most organized fashion requiring a lot of effort on the

There’s also a very narrow universe of people who actually care about the
implementations and details, with people like Majdi, Harlan and Miroslav
understanding the needs more than I’ve seen anyone from the ntpsec/cisco
funded side grasp the nuances of.

As a general statement, we are well served by having diverse and robust
implementations, but as we’ve seen in the (mostly) router space that NANOG
community cares about.. there are far more BGP implementations than NTP.

This isn’t good if the community wants to move to a model of certificate based
routing and the dependent infrastructure is weak.

I would suggest moving parts of this discussion to either the NTP Pool or the
NTPWG mailing lists.

- jared

More information about the NANOG mailing list