Closed fiestajetsam closed 1 year ago
I'm curious what you have in mind in saying in email "the design of NTPv5 could minimise (but not 100% mitigate) large amounts of unauthorised traffic." Ulrich likely had in mind that there's not much you can do with UDP to prevent flooding, and effective mitigation usually needs more/faster servers or upstream filtering. Remember that some client implementations are horrible, such as querying repeatedly at a high rate until they get a useful response.
I agree that UDP is part of the issue here (and BCP 38 was supposed to be part of the solution to fix it, but well...); however, there's something to be said about how protocols operate on top of UDP that can either be exploited by how UDP works, or exacerbate UDP's flaws. This is something that needs some further thought; I am willing to bet later reviews will also expect greater clarity over this point.
Ulrich writes:
I don't completely agree, but if there's a better way to write this...