Heads up: incompatible NTS change, Monday midnight, UTC
Richard Laager
rlaager at wiktel.com
Mon Apr 20 16:28:58 UTC 2020
On 4/20/20 3:22 AM, Hal Murray via devel wrote:
>
> One of the last changes to the draft NTS RFC was to change the string constant
> used to make the keys that are used to encrypt and authenticate the NTP+NTS
> traffic.
>
> There isn't any easy way to make a backwards compatible update.
>
> The symptoms of incompatible versions are that the NTS-KE step will appear to
> work but the client and server will be using different keys so the NTP+NTS
> traffic won't work. The client will use up all 8 cookies then start over with
> another NTS-KE step.
>
> Old cookies will continue to work until you restart the client and it gets new
> cookies. I expect to be able to restart the server with nothing worse than
> dropping a packet or two.
>
> The Cloudflare servers were updated a while ago. (This is why they aren't
> working if you are using NTS.)
>
> Miroslav Lichvar (chrony) and I are planning to ship updated code and restart
> servers roughly Monday midnight, UTC. (Late afternoon, Pacific time.) I'll
> send another message when I've pushed the button.

By Monday, do you mean today (in which case midnight UTC has passed but
maybe you mean what is technically Tuesday 00:00) or a week from now?

Is the patch available now? If so, can you share it?

Is there a particular reason that the code push (as opposed to
operational deployment) needs to be super tightly coordinated? If not,
can you just push it now?

--
Richard
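
The failure mode described in the quoted announcement, as an added example that is not part of the thread and not NTPsec or chrony code: both sides finish the same TLS session, but a different exporter label yields different C2S/S2C keys, so NTS-KE succeeds while NTP+NTS authentication fails. Assumptions: TLS 1.3 with a SHA-256 cipher suite, AEAD_AES_SIV_CMAC_256 (ID 15), a constructed exporter master secret, and the two label strings, which are taken from the NTS drafts and RFC 8915 rather than from this message.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: SHA-256 based TLS 1.3 cipher suite

OLD_LABEL = b"EXPORTER-network-time-security/1"  # earlier NTS drafts
NEW_LABEL = b"EXPORTER-network-time-security"    # final drafts / RFC 8915


def hkdf_expand(prk, info, length):
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label from RFC 8446 section 7.1."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def tls13_exporter(exporter_master_secret, label, context, length):
    """TLS 1.3 exporter from RFC 8446 section 7.5."""
    derived = hkdf_expand_label(exporter_master_secret, label,
                                HASH(b"").digest(), HASH().digest_size)
    return hkdf_expand_label(derived, b"exporter",
                             HASH(context).digest(), length)


def nts_keys(exporter_master_secret, label, aead_id=15, key_len=32):
    """Return (C2S, S2C). Context: protocol ID 0 (NTPv4), AEAD ID, direction."""
    base = (0).to_bytes(2, "big") + aead_id.to_bytes(2, "big")
    return tuple(tls13_exporter(exporter_master_secret, label, base + d, key_len)
                 for d in (b"\x00", b"\x01"))


def keys_match(secret, client_label, server_label):
    """True when client and server derive identical key pairs."""
    return nts_keys(secret, client_label) == nts_keys(secret, server_label)


if __name__ == "__main__":
    secret = HASH(b"constructed exporter master secret").digest()
    print("old client vs new server:", keys_match(secret, OLD_LABEL, NEW_LABEL))
```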