NTS update
Gary E. Miller
gem at rellim.com
Wed Mar 20 18:41:26 UTC 2019
Yo Hal!
On Wed, 20 Mar 2019 03:45:21 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:
> Is anybody else testing things?
I'm waiting for Gentoo to have the required openssl version.
> I just fixed the cookie-key timer so that it actually rotates
> cookies. You need to delete your current cookie file
> at /var/lib/ntp/nts-keys
Cool.
> The timer is set to an hour rather than a day.
Good.
> So if your client's
> poll interval gets up to 1024, it will use some old cookies and after
> another hour the cookies will be too old and eventually run out and
> trigger the retry logic to run NTS-KE again.
Hmm....
What I am worried about is inrush to the NTS-KE server.
Take the case of a NIST chimer doing 200k time requests a second.
If each of those clients is chiming every 64 seconds, that is 12,800 clients.
When that master key expires, then the NTS-KE will get 12,800 new cookie
requests in 64 seconds. Ouch. Gotta figure out how to spread that out a bit.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin