ntp.conf changes for NTS

Gary E. Miller gem at rellim.com
Fri Feb 1 19:20:32 UTC 2019


Yo Hal!

On Fri, 01 Feb 2019 11:11:14 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:

> Gary said:
> > But then how do I say I want 2 from this pool and 2 from that
> > pool?  
> 
> With the current code, you can't.
> 
> I don't think we should tangle that discussion with NTS.

Too late.  How to make the pool and nts play together is already an issue.

> >> If you need more, it does another DNS lookup.  
> > And, of course, that DNS thing is problematic with NTS...   
> 
> I think there is a reasonable parallel between get another server via
> DNS and get another server via NTS-KE.

Yes, except the protocol, as defined in the Proposed RFC, does not support it.

> There are (at least) two ways to interpret:
>   pool pool.example.com nts
> 
> 1) It could do a NTS-KE connection to pool.example.com and get back
> several IP Addresses and associated cookies.  The protocol doesn't
> support that yet, but seems reasonable to extend.

Except we don't control the protocol.  And the typical pool is
single servers.  We can expect this to contrinue with the typical
pool NTS-KE server only having on NTD server associated, and thus
unable to return more than one NTPD server.

> 2) It could do a DNS lookup on pool.example.com, get back several IP 
> addresses, then do a NTS-KE dance with each address.

Which may fail because different NTS-KE server may return the same
NTPD address.  But still they way I would start to look at it.

This prolly needs to be brought up to the WG.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190201/7af51ec2/attachment.bin>


More information about the devel mailing list