Heads up: incompatible NTS change, Monday midnight, UTC

Hal Murray hmurray at megapathdsl.net
Mon Apr 20 08:22:03 UTC 2020

One of the last changes to the draft NTS RFC was to change the string constant 
used to make the keys that are used to encrypt and authenticate the NTP+NTS 

There isn't any easy way to make a backwards compatible update.

The symptoms of incompatible versions are that the NTS-KE step will appear to 
work but the client and server will be using different keys so the NTP+NTS 
traffic won't work.  The client will use up all 8 cookies then start over with 
another NTS-KE step.

Old cookies will continue to work until you restart the client and it gets new 
cookies.  I expect to be able to restart the server with nothing worse than 
dropping a packet or two.

The Cloudflare servers were updated a while ago.  (This is why they aren't 
working if you are using NTS.)

Miroslav Lichvar (chrony) and I are planning to ship updated code and restart 
servers roughly Monday midnight, UTC.  (Late afternoon, Pacific time.)  I'll 
send another message when I've pushed the button.

That's a rough time estimate.

Christer Weinigel (Sweeden) will update his servers too, but I'm not sure when.

These are my opinions.  I hate spam.

More information about the devel mailing list