Hello Christoph, The idea is to prevent so-called "bidding down" attacks. I.e., instead of trying to attack the protection mechanisms, the idea of such stracks is to get the client to simply not use them. Not falling back to NTP without NTS when NTS fails is a way to avoid that, i.e., is fully intended.
Kind regards Joachim 07.08.2025 22:22:03 Christoph Schittel <christoph.schit...@gmail.com>: > Hello! > > When a server directive is specified with "nts" this server is only queried > when nts service is working on this server. > Is there no fallback to unauthenicated time transfer for servers with nts > option given? Like when nts services are failing or temporarily disabled on > the server. > > I know about "authselectmode", but this is only working between different > queried servers, authenticated and not authenticated. > > regards > Christoph > > -- > To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with > "unsubscribe" in the subject. > For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the > subject. > Trouble? Email listmas...@chrony.tuxfamily.org. -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
