On Tue, Mar 29, 2016 at 10:22:56AM -0400, Sharon Goldberg wrote:
> On Tue, Mar 29, 2016 at 9:26 AM, Miroslav Lichvar <[email protected]>
> wrote:
> > A missed NTP packet or client dropping a bad sample is a common
> > occurrence. For instance, the clock filter in ntpd can drop up to 7
> > consecutive samples. A couple of samples dropped due to invalid
> > authentication after the server refreshes its seed shouldn't be a big
> > deal.
> >
> 
> What if an NTS KE message is lost?  How will NTS recover and will it need

A missed reply doesn't change the client's NTS state. On the next poll, it
will send a new request with the same NTS message as before; only the
nonce will be different.

> to wait an entire poll interval to do that?

Yes, and that interval needs to be slowly increasing up to the maximum,
as NTP and other network protocols normally do when packets are
getting lost. If the server was operating at its maximum capacity and
a significant number of its clients shortened their interval after
a missed reply, I think it would basically be a DoS attack.

-- 
Miroslav Lichvar

_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
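
Added example, not part of the original message or of any NTP/NTS implementation: a toy Python simulation of the load argument in the reply above, comparing clients that lengthen their poll interval after a missed reply with clients that shorten it. The capacity, client count, poll exponents and the one-second outage are all constructed assumptions of the model.

```python
"""Toy model (added example): how clients react to a missed reply."""

# All values below are assumptions chosen for the model, not protocol constants.
CAPACITY = 16          # replies the server can send per second
CLIENTS = 1024         # 1024 clients / 64 s = 16 req/s: exactly at capacity
START_EXP, MIN_EXP, MAX_EXP = 6, 4, 10   # poll interval = 2**exp seconds
OUTAGE_SECOND = 100    # constructed event: every reply in this second is lost


def simulate(policy, horizon=2048):
    """Run the model for `horizon` seconds.

    policy 'backoff' lengthens the interval after a missed reply,
    policy 'shorten' retries sooner. A successful poll leaves the
    interval unchanged (a simplification of real poll adjustment).
    """
    step = {"backoff": +1, "shorten": -1}[policy]
    exp = [START_EXP] * CLIENTS
    next_send = [i % 64 for i in range(CLIENTS)]   # evenly staggered phases
    dropped = 0
    last_window = 0                                 # requests in final 64 s
    for t in range(horizon):
        arrivals = [i for i in range(CLIENTS) if next_send[i] == t]
        if t >= horizon - 64:
            last_window += len(arrivals)
        # During the outage nothing is answered; otherwise the first
        # CAPACITY requests of the second get a reply, the rest do not.
        served = 0 if t == OUTAGE_SECOND else CAPACITY
        for rank, i in enumerate(arrivals):
            if rank >= served:                      # no reply came back
                dropped += 1
                exp[i] = min(MAX_EXP, max(MIN_EXP, exp[i] + step))
            next_send[i] = t + 2 ** exp[i]
    return {"dropped": dropped, "last_window": last_window}


if __name__ == "__main__":
    for policy in ("backoff", "shorten"):
        print(policy, simulate(policy))
```

With back-off, the only missed replies are the 16 from the outage itself and the offered load stays within capacity; with shortening, each missed reply adds load that causes further misses, so the server stays overloaded long after the outage ends.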
