From 739d84ff908a421104cd52bce6f11cb6b497271e Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Sun, 10 Nov 2019 19:28:34 +0000 Subject: [PATCH] document server/servers "trusted" sub-option. Indicates a particular server is wired up such that non MITM attacks are possible, and NTP packets can be trusted. Therefore constraint validity is not required, and during boot ntpd can spin-up correct time faster. with otto, ok jmc schwarze --- src/usr.sbin/ntpd/ntpd.conf.5 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5 index 38ce229b..69ee4ee6 100644 --- a/src/usr.sbin/ntpd/ntpd.conf.5 +++ b/src/usr.sbin/ntpd/ntpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ntpd.conf.5,v 1.39 2019/11/10 18:46:53 deraadt Exp $ +.\" $OpenBSD: ntpd.conf.5,v 1.40 2019/11/10 19:28:34 deraadt Exp $ .\" .\" Copyright (c) 2003, 2004 Henning Brauer .\" @@ -146,6 +146,7 @@ A server with a weight of 5, for example, will have five times more influence on time offset calculation than a server with a weight of 1. .It Xo Ic server Ar address +.Op Ic trusted .Op Ic weight Ar weight-value .Xc Specify the IP address or the hostname of an NTP @@ -169,7 +170,19 @@ server ntp.example.org weight 1 To provide redundancy, it is good practice to configure multiple servers. In general, best accuracy is obtained by using servers that have a low network latency. +.Pp +The +.Ic trusted +keyword indicates the server is connected closely on a secure network such that +NTP packets cannot be injected as man-in-the-middle attacks. +NTP packets from these servers are considered truthful without validation +by +.Ic constraints . +This is useful for boot-time correction in environments where +.Ic constraints +cannot be used. .It Xo Ic servers Ar address +.Op Ic trusted .Op Ic weight Ar weight-value .Xc As with
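Review bot: the new paragraph in the third hunk of ntpd.conf.5 (the `.Pp` block after "servers that have a low network latency") states the trust assumption but not its consequence, and "connected closely on a secure network" is vague about what the administrator must actually guarantee. Since packets from a `trusted` server are "considered truthful without validation by constraints", any spoofed or compromised packet on that path is accepted as time with no cross-check, so the wording should name the guarantee rather than the topology, e.g. "reachable only over a network on which NTP packets cannot be injected or modified", and add a one-line caution that `trusted` must not be used for servers reached across the Internet. The benefit named in the commit message ("during boot ntpd can spin-up correct time faster") is also only implied by "useful for boot-time correction"; saying that initial clock setting from a trusted server does not wait for constraint validation would make the motivation explicit. Finally, the paragraph sits only under `server`, while the same hunk adds `.Op Ic trusted` to the `servers` synopsis whose text is "As with" server; a short note that the keyword applies to both forms would avoid the reader backtracking. (Minor: the commit message says "non MITM attacks are possible" where the hunk text says MITM injection is not possible; the man page text is the one that reads correctly.)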