Re: [chrony-dev] Experimental NTS support

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]

To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-dev] Experimental NTS support
From: Bill Unruh <unruh@xxxxxxxxxxxxxx>
Date: Tue, 9 Jun 2020 01:27:03 -0700 (PDT)


On Tue, 9 Jun 2020, Miroslav Lichvar wrote:

On Tue, Jun 09, 2020 at 12:21:41AM +0200, Vincent Blut wrote:

I must admit CVE-2020-13777 [1] has cooled me down a lot about GnuTLS.
OpenSSL 3.0 (currently in alpha stage) will use the Apache License 2.0 which
isn’t compatible with the GPLv2. Sigh, what a mess!


Remember GPL3 is not compatible with GPL2.


[1] https://gitlab.com/gnutls/gnutls/-/issues/1011


If I understand it correctly (and I don't really know much about TLS),
chrony is not impacted as it doesn't support resuming TLS sessions. In
the context of NTS that doesn't look like a useful feature.

Even if there wasn't the licensing issue, I'm not sure if we would
be better off with openssl.

Have a look at their CVE lists:
https://gnutls.org/security-new.html
https://www.openssl.org/news/vulnerabilities.html

--
Miroslav Lichvar


--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-dev] Experimental NTS support
  - From: Miroslav Lichvar

References:
- Re: [chrony-dev] Experimental NTS support
  - From: Vincent Blut
- Re: [chrony-dev] Experimental NTS support
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-dev] Experimental NTS support
Next by Date: Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
Previous by thread: Re: [chrony-dev] Experimental NTS support
Next by thread: Re: [chrony-dev] Experimental NTS support

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/