tlsport & ntpport

Gary E. Miller gem at rellim.com
Sun Feb 3 00:39:22 UTC 2019


Yo Richard!

On Sat, 2 Feb 2019 17:52:57 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:

> On 2/2/19 7:22 AM, Achim Gratz via devel wrote:
> > Eric S. Raymond via devel writes:  
> >> *tlsport XXX* Contact the NTS-KE server on TCP port XXX.
> >>
> >> *ntpport YYY* Request an NTPD server on UDP port YYY.
> >>
> >> Can anyone explain to me a case in which these are not
> >> equivalent to explicit port prefixes on a server, ask, or require
> >> address?  
> 
> They're not. Do the port suffixes on the server/ask/require instead.

Except the standard says otherwise.  The addresses specifically exclude
the port.  Yes we can translate our config file into the Proposed RFC
format, but every translation adds complexities, and potential errors.

Directly mapping the config to the RFC makes testing and validation
much easier.  It is also common in other SSL/TLS implementations.

And we still have the wonderful confusion that both IPv6 and port
numbers use colons.  That is a support nightmare...

> > I think you have that right.  But I also think you can never use a
> > different UDP port than the one NTS-KE gave you anyway, so I don't
> > see why you'd even accept a port prefix on the ask/require
> > address.  
> 
> The client can request a port from the NTS-KE server as part of the
> server negotiation. That's why you take one on the ask/require
> address.

But what if you do not care about the address?  Just the port?  For
firewall and/or NAT reasons.  More unneeded complications.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
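
The colon ambiguity raised in the message above, as an added example that is not part of the original message or of NTPsec's code: a parser for a combined address-with-port string that accepts a port on an IPv6 literal only in bracketed form. The function name `split_host_port` and all sample addresses and ports are assumptions constructed for illustration.

```python
import ipaddress


def _port(s):
    """Validate a decimal port string and return it as an int."""
    if not (s.isascii() and s.isdigit()) or not 0 < int(s) < 65536:
        raise ValueError("bad port %r" % s)
    return int(s)


def split_host_port(text, default_port=None):
    """Split 'host', 'host:port', '[v6]', '[v6]:port' or a bare IPv6 literal.

    Returns (host, port). A bare IPv6 literal never yields a port, because
    its last group cannot be told apart from a ':port' suffix.
    """
    text = text.strip()
    if text.startswith("["):
        end = text.find("]")
        if end == -1:
            raise ValueError("missing ']' in %r" % text)
        host, rest = text[1:end], text[end + 1:]
        ipaddress.IPv6Address(host)  # ValueError if not a valid IPv6 literal
        if not rest:
            return host, default_port
        if not rest.startswith(":"):
            raise ValueError("junk after ']' in %r" % text)
        return host, _port(rest[1:])
    if text.count(":") >= 2:
        # Two or more colons without brackets: only valid as a whole address.
        ipaddress.IPv6Address(text)
        return text, default_port
    host, sep, port = text.partition(":")
    if not host:
        raise ValueError("empty host in %r" % text)
    return host, (_port(port) if sep else default_port)


if __name__ == "__main__":
    # Constructed inputs; 2001:db8::/32 and 192.0.2.0/24 are documentation ranges.
    for sample in ("[2001:db8::1]:8123", "2001:db8::1:123",
                   "ntp.example.com:8123", "192.0.2.1"):
        print("%-24s -> %r" % (sample, split_host_port(sample)))
```

The second sample is the trap: `2001:db8::1:123` is a valid IPv6 address in its own right, so the trailing `123` is treated as part of the address and not as a port.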