ntp.conf changes for NTS

Gary E. Miller gem at rellim.com
Thu Jan 31 23:11:00 UTC 2019 

Yo Richard!

On Thu, 31 Jan 2019 16:45:01 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:

> On 1/31/19 12:46 PM, Achim Gratz via devel wrote:
> > Richard Laager via devel writes:  
> >> Here's another wrinkle. Does the first example, "nts
> >> nts-ke.example.org", send a request for "nts-ke.example.org"? I
> >> think it should.  
> > 
> > The RFC doesn't have an explicit preference, but it's implied that
> > there is no server negotiation at all in this case, not from the
> > client nor the NTS-KE.  So in order to pin the NTS-KE as the server
> > you'd need to do
> > 
> > nts nts-ke.example.org require nts-ke.example.org  
> 
> I agree that would be required to pin it. I wasn't asking to pin it by
> default, just if ntpd should (as a client) always send a Server
> Negotiation record. Given it's not required by the draft, it sounds
> like you and Gary are leaning toward "no".

If the client is not asking for a particular server, then why send
the record?  How would a casual client even know what NTPD servers
it could ask for?

> I don't have enough of a provable use case to argue further in favor
> of always sending a Server Negotiation record.

Then are we all OK with the following?

nts nts-ke.example.com
nts nts-ke.example.com ask ntp.example.com
nts nts-ke.example.com require ntp.example.com

Maybe expanded to ask for 3 pool servers:

nts nts-ke.example.com pool 3

I have no idea how the last could work, but I think we all want it.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190131/6c85978f/attachment.bin>

More information about the devel mailing list