Catching up
Hal Murray
halmurray at sonic.net
Sat Jul 30 09:18:12 UTC 2022
It's also testing the list mail system. As far as I know, that hasn't been
fixed.
There are 2 interesting areas worthy of attention.
--------
The first is #707, NTPv1 traffic dropped in 1.2.1
https://gitlab.com/NTPsec/ntpsec/-/issues/707
(We should have fixed this ages ago.)
I have a partial fix that I'll push soon -- basically reverting the change
that broke things.
But it's more complicated than that. I took a look at some traffic to a pool
server. There are 3 different versions of NTPv1 traffic. I/we have no way to
test this area since we don't know what sort of filtering (if any) the client
code is doing.
This brings up another can of worms. How long are we expected to support
NTPv1?
----------
The second area is a simple merge request to disable DNSSEC for ntpd.
https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1283
DNSSEC has time-must-be-close-enough requirements, just like NTS needs the
clock to be close enough when checking certificates.
Again, things are complicated. I'm working on a README-STARTING to collect
idea about getting started. I think the basic issue is do we want:
ntpd to work most of the time but maybe insecurely
or
ntpd to work securely but maybe never get started
The first is the way that ntpd worked before NTS or DNSSEC. You could fixup
your broken battery backed clock by running ntpd. Some users expect that.
--
These are my opinions. I hate spam.
More information about the devel
mailing list