ntp.conf changes for NTS
Gary E. Miller
gem at rellim.com
Tue Jan 29 23:31:27 UTC 2019
Yo James!
On Tue, 29 Jan 2019 15:23:04 -0800
James Browning via devel <devel at ntpsec.org> wrote:
> On 1/29/19, Gary E. Miller via devel <devel at ntpsec.org> wrote:
> > Yo Hal!
> >
> > On Tue, 29 Jan 2019 02:38:26 -0800
> > Hal Murray via devel <devel at ntpsec.org> wrote:
> >
> >> The complicated case is when we want to specify the IP Address.
> >> How about: server ntp.example.com nts 1.2.3.4
> >> or
> >> server ntp.example.com nts bob.example.com
> >
> > Why do we need ntp.example.com at all? Aren't we supposed to use
> > the NTPD server returned from bob.example.com?
>
> For instances when we want to ask ntp.example.com about 1.2.3.4
I never mentioned anything about 1.2.3.4. Not going there yet.
> because TLS certificates are not assigned for IP addresses or
Yes, but IP addresses still work (sort of) fine with TLS. Still not
going there, yet.
> bob.example.com does not have a local NTS KE daemon. (possibly because
> it is an internet connected microwave or something)
If bob.example.com is not an NTS-KE server then what is the point? Why
does the example mark bob as an NTS-KE server?
Since this is upward from the existing ntp.conf then ntp.example.com
must be the NTPD sever and bob the NTS-KE server. But once you specify
an NTS-KE server you should not specify the NTPD server.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190129/98da0481/attachment-0001.bin>
More information about the devel
mailing list