[Git][NTPsec/ntpsec][master] 2 commits: nts.adoc: Propose ntpport and tlsport TLS options aren't needed.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Feb 2 19:19:19 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
9d42d168 by Eric S. Raymond at 2019-02-02T18:59:24Z
nts.adoc: Propose ntpport and tlsport TLS options aren't needed.
They replicate things that can be done by address port suffixes, if
they're possible at all.
- - - - -
f38860b9 by Eric S. Raymond at 2019-02-02T19:18:00Z
Move implemented options from nts.adoc to docs/includes/assoc-options.adoc.
- - - - -
2 changed files:
- devel/nts.adoc
- docs/includes/assoc-options.adoc
Changes:
=====================================
devel/nts.adoc
=====================================
@@ -230,27 +230,10 @@ the TLS key, certificate, and intermediate certificate bundles.
The NTS-KE server MAY have a method to reload the key, certificate,
and intermediate certificate bundles without a full daemon restart.
-== NTP Configuration parameters ==
+== NTS Configuration parameters (client side) ==
-See also the NTP documentation.
-
-New options for an NTS client:
-
-*tlsport XXX* Contact the NTS-KE server on TCP port XXX.
-
-*ntpport YYY* Request an NTPD server on UDP port YYY.
-
-*ask [address]* (IMPLEMENTED) Request a particular NTPD server, but do
-not require it. [address] is an ASCII-encoded [ANSI.X3-4.1986] string
-conforming to the syntax of the Host subcomponent of a URI (Section
-3.2.2 of RFC3986). *address* may be a hostname, a FQDN, an IPv4
-numeric address, an IPv6 numeric address (in square brackets).
-
-*require [address]* (IMPLEMENTED) Require a particular NTPD server,
-fail if it is not the NTPD sevver address returned. Otherwise same as
-*ask*.
-
-*noval* (IMPLEMENTED) Do not validate the server certificate
+Options now implemented in the config parser are now described in
+docs/includes/assoc-options.txt
*cert [file]* Present the certificate in *file* as our client certificate
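Review bot: The added pointer names docs/includes/assoc-options.txt, but the file changed in this same push is docs/includes/assoc-options.adoc, so the reference should use the .adoc name. The sentence also says "now" twice ("Options now implemented ... are now described"). Separately, tlsport and ntpport were not marked IMPLEMENTED and are deleted here with no replacement text, while the destination file only documents a +:port+ suffix for a UDP port. It would help to state somewhere how the NTS-KE TCP port is meant to be selected.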
@@ -271,9 +254,6 @@ separately as OpenSSL needs them separately.
*ntpciphers [list]* List of ciphers to negotiate, in prefered order for
the NTPD connection. The server must support AEAD_AES_SIV_CMAC_256.
-*expire [seconds]* (IMPLEMENTED) How long to use an NTPD association
-before rekeying with the NTS-KE server.
-
== NTS-KE Server Configuration parameters ==
== TLS Options ==
=====================================
docs/includes/assoc-options.adoc
=====================================
@@ -79,11 +79,12 @@
that can be omitted when the option is given.
+nts ask+ 'address'::
- Use Network Time Security for authentication and encryption.
- Ask for a specific NTS server, which may differ from the NTP server.
- The +address_ may be a hostname, a FQDN, an IPv4 numeric address, an
- IPv6 numeric addresa (in square brackets). Address may have the suffix
- +:port+ to specify a UDP port.
+ Use Network Time Security for authentication and encryption. Ask
+ for a specific NTS server, which may differ from the NTP server.
+ Conforms to RFC3896 section 3.2.2 prescription for the Host part of
+ a URI: that is, the +address_ may be a hostname, a FQDN, an IPv4
+ numeric address, an IPv6 numeric addresa (in square brackets).
+ Address may have the suffix +:port+ to specify a UDP port.
+nts require+ 'address'::
Use Network Time Security for authentication and encryption.
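Review bot: The new line "Conforms to RFC3896 section 3.2.2" transposes the RFC number; the text removed from devel/nts.adoc in this same push cites Section 3.2.2 of RFC3986 for the Host subcomponent. The rewrapped lines also carry over the unbalanced markup "+address_" and the typo "addresa" from the old text, so both can be fixed while these lines are being touched.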
@@ -94,6 +95,7 @@
Do not validate the server certificate.
+nts expire::
- Do not validate the server certificate.
+ How long to use a secured NTP association before rekeying with the
+ NTS-KE server.
// end
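Review bot: The entry header in the context line, "+nts expire::", has no argument and lacks the closing "+" that "+nts ask+ 'address'::" uses, and the new description drops the unit that the removed nts.adoc entry gave as "*expire [seconds]*". Suggest a header of the form "+nts expire+ 'seconds'::" and stating in the body that the value is in seconds, so the rekeying interval is not left to guesswork.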
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/09a3ecda4802b610fe6d79011ca52581a509a4d1...f38860b94f8abfc685abd3382ef00ee355ca5f30