NTS: Client side, ask and require

Gary E. Miller gem at rellim.com
Sun Feb 24 23:32:48 UTC 2019


Yo Hal!

On Sun, 24 Feb 2019 15:01:43 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:

> What do these mean?

These map one-to-one to NTS-KE options.

>        ask address
>            Use Network Time Security for authentication and
> encryption. Ask for a specific NTS server, which may differ from the
> NTP server. Conforms to RFC 3896 section 3.2.2 prescription for the
> Host part of a URI: that is, the address may be a hostname, an FQDN,
> an IPv4 numeric address, or an IPv6 numeric address (in square
> brackets). The address may have the suffix :port to specify a UDP
> port.

The NTS-KE client will ask the NTS-KE server for a particular NTP
server.  But accept any NTPD server in response.


>        require address
>            Use Network Time Security for authentication and
> encryption. Require a specific NTS server, which may differ from the
> NTP server. Address syntax is as for ask.

The NTS-KE client will ask the NTS-KE server for a particular NTP
server.  Fail if it does not get it.

>  I can't figure out what combination of NTS-KE server and NTP server
> those are trying to describe.

They say NOTHING about NTS-KE server, just the NTPD server.  The
NTS-KE server is the address after the server statement.

Yes, it is confusing, that is why there was a proposal for a different
syntax that Eric vetoed.  You are making the exact mistake we
foresaw.  This will continue with the current syntax.

> We get a text string after the "server" command.  Normally, that's
> the NTP hostname.  If it is followed by "nts", it becomes the NTS-KE
> server name and default NTP server name.

Uh, no.  Just the NTS-KE server name.  The default NTP server name
is whatever the NTS-KE server returns.  That is the Proposed RFC.

> The NTS-KE exchange may return a string which is a name or address of
> the NTP server to use.  (currently ignored)  You can also request a
> specific address.

Yup.  Ignoring it is wrong.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
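The ask/require behaviour described in the message above, as an added example that is not part of the original e-mail or of NTPsec's code. Record type numbers follow RFC 8915 (published after this thread); the function names, the example.net hostnames, plain-hostname matching (no :port suffix) and the fallback to the NTS-KE host on port 123 when no server is returned are assumptions.

```python
import struct

# NTS-KE record types as numbered in RFC 8915 (published after this thread).
END_OF_MESSAGE, NTPV4_SERVER, NTPV4_PORT = 0, 6, 7

def record(rtype, body=b"", critical=False):
    """Encode one NTS-KE record: C bit + 15-bit type, 16-bit length, body."""
    return struct.pack("!HH", rtype | (0x8000 if critical else 0), len(body)) + body

def parse_records(data):
    """Return [(type, body), ...] up to and including End of Message."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated record header")
        raw, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        out.append((raw & 0x7FFF, body))
        off += 4 + length
        if raw & 0x7FFF == END_OF_MESSAGE:
            break
    return out

def server_request_record(ask=None, require=None):
    """Both options put the wanted NTP server name in the client's request."""
    wanted = require or ask
    return record(NTPV4_SERVER, wanted.encode("ascii")) if wanted else b""

def choose_ntp_server(ke_host, response, ask=None, require=None):
    """Pick the NTP server from an NTS-KE response; enforce 'require'."""
    host, port = ke_host, 123  # assumption: RFC 8915 fallback when nothing is returned
    for rtype, body in parse_records(response):
        if rtype == NTPV4_SERVER:
            host = body.decode("ascii")
        elif rtype == NTPV4_PORT:
            (port,) = struct.unpack("!H", body)
    if require and host.lower() != require.lower():
        raise RuntimeError(f"required NTP server {require!r}, got {host!r}")
    return host, port  # 'ask' is only a preference: any returned server is accepted

# Constructed sample response: the NTS-KE server hands out ntp2.example.net:4123.
SAMPLE = (record(NTPV4_SERVER, b"ntp2.example.net")
          + record(NTPV4_PORT, struct.pack("!H", 4123))
          + record(END_OF_MESSAGE, critical=True))
```

With `ask`, a mismatched answer is used as returned; with `require`, the same answer aborts the association before any NTP packet is sent to an unexpected host.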