ntp.conf changes for NTS

Gary E. Miller gem at rellim.com
Thu Jan 31 19:51:04 UTC 2019


Yo Achim!

On Thu, 31 Jan 2019 20:02:27 +0100
Achim Gratz via devel <devel at ntpsec.org> wrote:

> The RFC is underspecified w.r.t. pools in my opinion,

Yup.

> I think you'd
> need to reconnect to the NTS-KE, but at least need to re-key the TLS
> session

Why?  To get new C2S and S2C?

> before asking for the next server in that scenario.

Which is the big issue.  How does an NTPD client connect to an NTS-KE and
ask for a "next server"?  The NTS-KE server has no state, so it has no idea
of next.  The NTPD client has no way to tell the NTS-KE server what
servers it already has cookies for.

I suspect it is better for the NTPD client to ask the NTS-KE server for
"X" number of NTPD servers, but the protocol has no way to do that.

Next virtual meeting of the NTP WG is Feb 12.  Maybe we should get some
of these issues on their agenda?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin