On Thu, Nov 28, 2019 at 07:59:24PM +0100, A L wrote: > In the OpenBSD NTP(*) implementation it is possible to use the HTTP date > function to set a constraint to which the client can validate the NTP > responses. I believe that you call it Extra timestamp validation(*). > > Are there any plans to support this mode in Chrony, or a way to get > equivalent validation of the NTP responses?
There is no plan to support the HTTPS date in chrony. The plan is to support the Network Time Security (NTS) authentication. It should be able to scale to very large numbers of clients and the impact on accuracy should be minimal. If you would like to test it, chrony with an experimental support is here: https://github.com/mlichvar/chrony-nts There are some public servers with NTS support. In chrony.conf they can be specified as: server nts-test.strangled.net nts ntsport 443 iburst server time.cloudflare.com nts ntsport 1234 iburst server ntp1.glypnod.com nts ntsport 123 iburst server nts.ntp.se nts ntsport 4443 iburst Please let me know if you see any issues. -- Miroslav Lichvar -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
