ntp.conf changes for NTS
Richard Laager
rlaager at wiktel.com
Wed Jan 30 07:19:08 UTC 2019
On 1/29/19 4:38 AM, Hal Murray via devel wrote:
> How should we tell the system we want to use NTS when talking to a server?
>
> The catch is that we potentially need two names/addresses.
>
> I think the simple case is just:
> server ntp.example.com nts
> That will do a NTS-KE exchange with the system at ntp.example.com and use the
> IP Address it returns.

This is a great and simple way to extend the current syntax to support
NTS. I expect this scenario (NTS and NTP on the same endpoint) will be
the common case.

Does this also extend to pool?

    pool nts.some.pool.example.com nts

I assume this would mean: speak NTS-KE to nts.some.pool.example.com and
accept a referral from it. Since this is a pool, this whole thing
(NTS-KE connection plus a referral) would be repeated as necessary to
spin up multiple associations, just as pool works today.

> The complicated case is when we want to specify the IP Address. How about:
> server ntp.example.com nts 1.2.3.4
> or
> server ntp.example.com nts bob.example.com

So in this example, you have ntp.example.com as the NTS-KE server, and
1.2.3.4 or bob.example.com as the NTP servers? I assume it has to be
that way, as TLS doesn't work _in practice_ (yes, I know it is supported
in theory) with IP addresses, so 1.2.3.4 can't be the NTS-KE server.

That's a reasonable way to do it.

If I understand Gary correctly, he's suggesting the opposite order:

On 1/29/19 5:31 PM, Gary E. Miller via devel wrote:
> Since this is upward from the existing ntp.conf then ntp.example.com
> must be the NTPD server and bob the NTS-KE server.

Those same setups (speak NTS-KE to ntp.example.com and request NTP to
1.2.3.4 or bob.example.com) would then be written this way:

    server 1.2.3.4 nts ntp.example.com
    server bob.example.com nts ntp.example.com

That also seems like a reasonable way to do it.

Either way, then can I do this too?

    pool nts.some.pool.example.com nts some.pool.example.com

or

    pool some.pool.example.com nts nts.some.pool.example.com

Seeing the pool syntax variant of this makes me lean toward Gary's
suggestion of order.

--
Richard
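
The two argument orders discussed in this thread, resolved side by side. This is an added example, not part of the original message and not NTPsec code. The function names, the order labels "first-is-ke" and "first-is-ntp", and the handling of the bare "nts" form the same way under both orders are assumptions made for illustration.

```python
import ipaddress

def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_nts_line(line, order):
    """Resolve one proposed 'server|pool NAME nts [NAME2]' line.

    order="first-is-ke":  NAME is the NTS-KE server, NAME2 the NTP server.
    order="first-is-ntp": NAME is the NTP server, NAME2 the NTS-KE server.
    With no NAME2, NAME is the NTS-KE server and the NTP address is whatever
    the NTS-KE exchange returns (reported here as None).
    """
    tok = line.split()
    if len(tok) not in (3, 4) or tok[0] not in ("server", "pool") or tok[2] != "nts":
        raise ValueError("not a proposed NTS line: %r" % line)
    if order not in ("first-is-ke", "first-is-ntp"):
        raise ValueError("unknown order: %r" % order)
    if len(tok) == 3:
        ke, ntp = tok[1], None
    elif order == "first-is-ke":
        ke, ntp = tok[1], tok[3]
    else:
        ke, ntp = tok[3], tok[1]
    # An IP literal in the NTS-KE slot is flagged, since the TLS side needs
    # a name to validate against (the concern raised in the message).
    return {"kind": tok[0], "nts_ke": ke, "ntp": ntp,
            "ke_is_ip_literal": is_ip_literal(ke)}

# Constructed sample lines, using the forms quoted in the thread.
SAMPLES = [
    "server ntp.example.com nts",
    "server ntp.example.com nts 1.2.3.4",
    "server 1.2.3.4 nts ntp.example.com",
    "pool some.pool.example.com nts nts.some.pool.example.com",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for order in ("first-is-ke", "first-is-ntp"):
            print("%-13s %-58s %s" % (order, line, parse_nts_line(line, order)))
```

The same line read under the other order puts 1.2.3.4 in the NTS-KE slot, which is why the choice of order has to be fixed before any configuration is written.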