ntp.conf changes for NTS

Gary E. Miller gem at rellim.com
Wed Jan 30 23:14:28 UTC 2019


Yo Richard!

On Wed, 30 Jan 2019 16:59:28 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:

> There's another complication too. The server can send back a name or
> an IP address. What happens if the client request contains a name and
> the server's response contains an IP? That might be a match (e.g. if
> the client performs an A/AAAA lookup for the name it requested, it
> gets back that IP in the response) or it might not.

Yup.  As the proposed RFC says: OPTIONAL.

> I think it would be useful to understand the use case(s) for the
> client requesting a specific server vs the use case(s) for a user
> configuring the client to request a specific server.

Isn't the client the also the user.  So both cases the same?

I see two reasons to request a specific server.

1. I'm an admin, and I want to test/monitor each NTPD server than
an NTS-KE is serving for.

2. I'm picky, and I want a specific close by server instead of another
one managed by the same NTS-KE that is far away.

For #1 I would insist on the specific NTPD server.

For #2 I would prefer the specific NTPD server, but accept what I
can get.


> Or, you can punt this all to the user by offering both choices:
> 
> nts nts-ke.example.org
> ^^ Accepts whatever is returned.
> 
> nts nts-ke.example.org ask ntpd.example.org
> ^^ Sends an explicit request. Accepts whatever is returned.
> 
> nts nts-ke.example.org require ntpd.example.org
> ^^ Sends an explicit request. If not mirrored back exactly, stop.

I like it.

> Here's another wrinkle. Does the first example, "nts
> nts-ke.example.org", send a request for "nts-ke.example.org"? I think
> it should.

Why?  In the first choice I just want any old chimer.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190130/7d942129/attachment-0001.bin>


More information about the devel mailing list