On 11/03/2020 at 22:30, Hal Murray wrote:
>
> The RFC is close to getting published.
>
> Do you know about it? Any thoughts about how to get the pool to support it?
>
> In case you and/or others aren't familiar with it, here is a rough
> description. Details here:
> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
>
> The idea is to prevent bad guys from forging replies. It doesn't say anything
> about the server you are talking to providing good time, just that the answer
> came from the server you expect.
>
> It uses a TLS connection to an NTS-KE server to get several cookies and set up
> encryption keys. Then individual NTP request/response packets are
> authenticated.
>
> The NTS-KE server needs a certificate. Let's Encrypt works fine.
>
> TLS uses TCP and the client needs the host name as used in the certificate.
> So the pool will have to return something other than A or AAAA records.
>
>
> There was some discussion on the IETF NTP list a few weeks ago. No consensus
> was reached.

If this needs non-trivial work on the server side, then you can say goodbye to many servers in the pool...
