[Git][NTPsec/ntpsec][master] 2 commits: clarify that pre-NTS-RFC-release ntpsec-version cannot talk to current NTS servers or clients.

James Browning (@jamesb_fe80) gitlab at mg.gitlab.com
Tue Apr 12 11:13:21 UTC 2022 


James Browning pushed to branch master at NTPsec / ntpsec


Commits:
febe31d2 by Michael Meier at 2022-04-12T11:05:53+00:00
clarify that pre-NTS-RFC-release ntpsec-version cannot talk to current NTS servers or clients.

- - - - -
8d6e7691 by Michael Meier at 2022-04-12T11:05:53+00:00
small correction to the version numbers supporting final-RFC8915-NTS.

- - - - -


1 changed file:

- docs/NTS-QuickStart.adoc


Changes:

=====================================
docs/NTS-QuickStart.adoc
=====================================
@@ -32,15 +32,23 @@ NTS is a method for using TLS/SSL to authenticate NTP traffic on the net.
 That means that bad guys can't forge packets that will give your
 system bogus time.
 
-The RFC hasn't been published yet (August 2020).  Nothing has changed
-recently, but there may be minor adjustments when it is finalized.
+It is specified in RFC 8915, published in September 2020.
 
-Note: The NTP Pool does not currently support NTS.
+Note: The https://www.ntppool.org/[NTP Pool] does not currently support NTS.
 
 It is strongly suggested that you get a "normal", unauthenticated,
 NTP server working before enabling NTS.  This may reduce the time
 spent debugging.  See the link:quick.adoc[Client Quick Start Guide].
 
+While NTPsec already supported NTS as RFC 8915 still was in the draft
+phase, there unfortunately were incompatible changes introduced shortly
+before it was published. As a result, while NTPsec-versions before 1.1.9
+do in principle support NTS, they cannot talk to any NTS servers or
+clients that implement the final RFC, which includes NTPsec-versions from
+1.1.9 onwards. And NTPsec 1.1.9 requires manually specifying the correct
+port number (4460), because it still defaulted to 123. 1.2.0 is the first
+version of NTPsec to fully support NTS as specified in RFC 8915.
+
 [[client]]
 == NTS Client Configuration
 
@@ -53,7 +61,8 @@ Public NTP servers supporting NTS:
 
 ------------------------------------------------------------
 server time.cloudflare.com nts     # Global, anycast
-server nts.ntp.se:4443 nts         # Sweden
+server nts.ntp.se nts              # Sweden
+server nts.ntp.se:4443 nts         # Sweden: only for NTPsec <1.1.9
 ------------------------------------------------------------
 
 These are development machines, so there may be gaps in availability:



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/1a7bb2e3a2749bd709ea4cf10b66b6f6d05aaf9d...8d6e76914e284714d209518544dfaa51e267f58e

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/1a7bb2e3a2749bd709ea4cf10b66b6f6d05aaf9d...8d6e76914e284714d209518544dfaa51e267f58e
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20220412/e8690d27/attachment-0001.htm>

More information about the vc mailing list