Are we thrashing?

Gary E. Miller gem at rellim.com
Sun Feb 3 00:21:46 UTC 2019


Yo Richard!

On Sat, 2 Feb 2019 18:17:17 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:

> On 2/2/19 5:45 PM, Hal Murray via devel wrote:
> > Another thing that might help is to keep the time scale in mind.
> > What do we need for first ship?  What can wait?  How much do we
> > need to think about issues that can wait to make sure we don't
> > paint ourselves into a corner?  
> 
> For first ship on the client, you need:
> 
> nts <host>
> or
> server <host> nts
> 
> You do need to pick which one, though, for first ship, keeping in mind
> that there will be several per-host options in the future.
> 
> NTP server negotiation (the "ask" and "require" options discussed) are
> optional, so not required for first ship.
> 
> Handling a pool is not required for first ship, especially since there
> is no pool yet and there are still questions about how it would work.
> 
> You can accept all of the TLS defaults for first ship, so no minver,
> no ciphers/ciphersuite strings, or root certificate option. Though
> those are all pretty straightforward to implement.
> 
> There is a required algorithm for NTP crypto, so you can implement
> only that one for first ship, so no need for an ntpciphers option.
> 
> You can require that all testing be done with valid certs (e.g. from
> Let's Encrypt), so you can skip "noval" for first ship. Though that
> one is trivial to implement.
> 
> Likewise for the above on the TLS of the NTS-KE server first ship. You
> do obviously need to specify the server key, certificate, and
> intermediate certificate, though if you want to go full minimal, those
> could be hard-coded file paths, not config options.

Absolutely agree, for first ship.  But that is not what got 'decided'.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin