ntp.conf changes for NTS

Gary E. Miller gem at rellim.com
Thu Jan 31 21:53:51 UTC 2019


Yo Achim!

On Thu, 31 Jan 2019 19:33:49 +0100
Achim Gratz via devel <devel at ntpsec.org> wrote:

> Gary E. Miller via devel writes:
> >> The same as if you never get an answer from any other random server
> >> you tried to contact for whatever reason through a proxy.  
> >
> > But it DOES give you an answer back.  
> 
> Optionally, yes.  I think this part of the RFC is poorly thought out,
> I'd prefer if the NTS-KE just straight failed if the server you
> specified is not available.

I'm not sure why it has to be in the NTS-KE server.  The client is free
to accept or reject the offered NTPD server.

> Which is however an option the
> implementer of the NTS-KE could chose.

Nut the NTS-KE does not care, so it has no basis to choose.

> The client has to deal with
> either response, but again does not need to accept the offered
> server, up for us to chose as default behaviour.

So, back to how we update ntp.conf to encode "ask" and "require".

I think the current proposal works:

nts nts-ke.example.com
nts nts-ke.example.com ask ntp.example.com
nts nts-ke.example.com require ntp.example.com

Maybe expanded to ask for 3 pool servers:

nts nts-ke.example.com pool 3

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190131/f6719aac/attachment.bin>


More information about the devel mailing list