[Git][NTPsec/ntpsec][master] 2 commits: nts.adoc: Propose ntpport and tlsport TLS options aren't needed.

Eric S. Raymond gitlab at mg.gitlab.com
Sat Feb 2 19:19:19 UTC 2019 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
9d42d168 by Eric S. Raymond at 2019-02-02T18:59:24Z
nts.adoc: Propose ntpport and tlsport TLS options aren't needed.

They replicate things that can be done by address port suffixes, if
they're possible at all.

- - - - -
f38860b9 by Eric S. Raymond at 2019-02-02T19:18:00Z
Move implemented options from nts.adoc to docs/includes/assoc-options.adoc.

- - - - -


2 changed files:

- devel/nts.adoc
- docs/includes/assoc-options.adoc


Changes:

=====================================
devel/nts.adoc
=====================================
@@ -230,27 +230,10 @@ the TLS key, certificate, and intermediate certificate bundles.
 The NTS-KE server MAY have a method to reload the key, certificate,
 and intermediate certificate bundles without a full daemon restart.
 
-== NTP Configuration parameters ==
+== NTS Configuration parameters (client side) ==
 
-See also the NTP documentation.
-
-New options for an NTS client:
-
-*tlsport XXX* Contact the NTS-KE server on TCP port XXX.
-
-*ntpport YYY* Request an NTPD server on UDP port YYY.
-
-*ask [address]* (IMPLEMENTED) Request a particular NTPD server, but do
-not require it. [address] is an ASCII-encoded [ANSI.X3-4.1986] string
-conforming to the syntax of the Host subcomponent of a URI (Section
-3.2.2 of RFC3986).  *address* may be a hostname, a FQDN, an IPv4
-numeric address, an IPv6 numeric address (in square brackets).
-
-*require [address]* (IMPLEMENTED) Require a particular NTPD server,
-fail if it is not the NTPD sevver address returned.  Otherwise same as
-*ask*.
-
-*noval* (IMPLEMENTED) Do not validate the server certificate
+Options now implemented in the config parser are now described in
+docs/includes/assoc-options.txt
 
 *cert [file]*  Present the certificate in *file* as our client certificate
 
@@ -271,9 +254,6 @@ separately as OpenSSL needs them separately.
 *ntpciphers [list]* List of ciphers to negotiate, in prefered order for
 the NTPD connection.  The server must support AEAD_AES_SIV_CMAC_256.
 
-*expire [seconds]* (IMPLEMENTED) How long to use an NTPD association
-before rekeying with the NTS-KE server.
-
 == NTS-KE Server Configuration parameters ==
 
 == TLS Options ==


=====================================
docs/includes/assoc-options.adoc
=====================================
@@ -79,11 +79,12 @@
   that can be omitted when the option is given.
 
 +nts ask+ 'address'::
-  Use Network Time Security for authentication and encryption.
-  Ask for a specific NTS server, which may differ from the NTP server.
-  The +address_ may be a hostname, a FQDN, an IPv4 numeric address, an
-  IPv6 numeric addresa (in square brackets).  Address may have the suffix
-  +:port+ to specify a UDP port.
+  Use Network Time Security for authentication and encryption.  Ask
+  for a specific NTS server, which may differ from the NTP server.
+  Conforms to RFC3896 section 3.2.2 prescription for the Host part of
+  a URI: that is, the +address_ may be a hostname, a FQDN, an IPv4
+  numeric address, an IPv6 numeric addresa (in square brackets).
+  Address may have the suffix +:port+ to specify a UDP port.
 
 +nts require+ 'address'::
   Use Network Time Security for authentication and encryption.
@@ -94,6 +95,7 @@
   Do not validate the server certificate.
 
 +nts expire::
-  Do not validate the server certificate.
+  How long to use a secured NTP association before rekeying with the
+  NTS-KE server.
 
 // end



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/09a3ecda4802b610fe6d79011ca52581a509a4d1...f38860b94f8abfc685abd3382ef00ee355ca5f30

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/09a3ecda4802b610fe6d79011ca52581a509a4d1...f38860b94f8abfc685abd3382ef00ee355ca5f30
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190202/879b7f6e/attachment-0001.html>

More information about the vc mailing list