Heads up: incompatible NTS change, Monday midnight, UTC
Hal Murray
hmurray at megapathdsl.net
Mon Apr 20 08:22:03 UTC 2020
One of the last changes to the draft NTS RFC was to change the string constant
used to make the keys that are used to encrypt and authenticate the NTP+NTS
traffic.
There isn't any easy way to make a backwards compatible update.
The symptoms of incompatible versions are that the NTS-KE step will appear to
work but the client and server will be using different keys so the NTP+NTS
traffic won't work. The client will use up all 8 cookies then start over with
another NTS-KE step.
Old cookies will continue to work until you restart the client and it gets new
cookies. I expect to be able to restart the server with nothing worse than
dropping a packet or two.
The Cloudflare servers were updated a while ago. (This is why they aren't
working if you are using NTS.)
Miroslav Lichvar (chrony) and I are planning to ship updated code and restart
servers roughly Monday midnight, UTC. (Late afternoon, Pacific time.) I'll
send another message when I've pushed the button.
That's a rough time estimate.
Christer Weinigel (Sweeden) will update his servers too, but I'm not sure when.
--
These are my opinions. I hate spam.
More information about the devel
mailing list