Daniel Franke <dfoxfra...@gmail.com>:
> On Tue, Mar 5, 2019 at 7:21 AM Eric S. Raymond <e...@thyrsus.com> wrote:
> > You yourself advocated that Mode 6 ought to be replaced by an HTTP
> > service on TCP port 123. I think that's a good idea, if we can do
> > it. The problem is that NTS-KE *also* wants to have TCP 123.
>
> Like Hal pointed out, ALPN makes this a non-issue.

I can see where it might. Still learning about it, want to see it work.

> But what gave you
> the idea that NTS-KE wants 123/tcp? There's been some back-and-forth
> on this in the WG but I've been advocating against using 123 because
> NTS-KE is explicitly not specific to NTP and can be extended to
> provide similar negotiation mechanisms for other protocols.

Hm. This is my mistake. It was Hal who put the service on port 123.
And that does make sense with NTS-KE deployed inboard of ntpd.

I hope the RFC will allow this option; it will simplify deployment a lot.

If you end up going with a non-123 port number, I request that the RFC allow
use on other ports when and if ALPN is available and specify the ALPN tag
to be used.

> Regardless, it's just a number and makes no technical difference.

I disagree. New firewall holes are difficult, practically if not
theoretically.
-- 
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.