On 1/29/19 4:38 AM, Hal Murray via devel wrote:
> How should we tell the system we want to use NTS when talking to a server?
>
> The catch is that we potentially need two names/addresses.
>
> I think the simple case is just:
>   server ntp.example.com nts
> That will do a NTS-KE exchange with the system at ntp.example.com and use the
> IP Address it returns.

This is a great and simple way to extend the current syntax to support NTS. I expect this scenario (NTS and NTP on the same endpoint) will be the common case.

Does this also extend to pool?
  pool nts.some.pool.example.com nts

I assume this would mean: speak NTS-KE to nts.some.pool.example.com and accept a referral from it. Since this is a pool, this whole thing (NTS-KE connection plus a referral) would be repeated as necessary to spin up multiple associations, just as pool works today.

> The complicated case is when we want to specify the IP Address. How about:
>   server ntp.example.com nts 1.2.3.4
> or
>   server ntp.example.com nts bob.example.com

So in this example, you have ntp.example.com as the NTS-KE server, and 1.2.3.4 or bob.example.com as the NTP servers? I assume it has to be that way, as TLS doesn't work _in practice_ (yes, I know it is supported in theory) with IP addresses, so 1.2.3.4 can't be the NTS-KE server.

That's a reasonable way to do it. If I understand Gary correctly, he's suggesting the opposite order:

On 1/29/19 5:31 PM, Gary E. Miller via devel wrote:
> Since this is upward from the existing ntp.conf then ntp.example.com
> must be the NTPD server and bob the NTS-KE server.

Those same setups (speak NTS-KE to ntp.example.com and request NTP to 1.2.3.4 or bob.example.com) would then be written this way:
  server 1.2.3.4 nts ntp.example.com
  server bob.example.com nts ntp.example.com

That also seems like a reasonable way to do it.

Either way, then can I do this too?
  pool nts.some.pool.example.com nts some.pool.example.com
or
  pool some.pool.example.com nts nts.some.pool.example.com

Seeing the pool syntax variant of this makes me lean toward Gary's suggestion of order.

--
Richard
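
The two argument orders discussed in this message, resolved into (NTS-KE host, NTP host) pairs; this is an added example, not code from the thread or from NTPsec. The function name, the `ke-first`/`ntp-first` labels and the warning text are hypothetical, and the sample lines are constructed from the proposals quoted above.

```python
import ipaddress
from typing import NamedTuple, Optional

class Assoc(NamedTuple):
    kind: str                 # "server" or "pool"
    ke_host: str              # host that receives the NTS-KE (TLS) connection
    ntp_host: Optional[str]   # None: use whatever the NTS-KE exchange returns
    warning: Optional[str]

def is_ip_literal(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def parse_nts_line(line: str, order: str) -> Assoc:
    """Interpret '<server|pool> NAME nts [NAME2]' (hypothetical helper).

    order="ke-first":  NAME is the NTS-KE server, NAME2 the NTP server.
    order="ntp-first": NAME is the NTP server, NAME2 the NTS-KE server.
    With no NAME2, NAME is the NTS-KE server in both readings.
    """
    if order not in ("ke-first", "ntp-first"):
        raise ValueError(f"unknown order: {order!r}")
    tok = line.split()
    if len(tok) not in (3, 4) or tok[0] not in ("server", "pool") or tok[2] != "nts":
        raise ValueError(f"not an nts line: {line!r}")
    first, second = tok[1], (tok[3] if len(tok) == 4 else None)
    if second is None or order == "ke-first":
        ke, ntp = first, second
    else:
        ke, ntp = second, first
    # TLS to a bare IP address does not work in practice (per the message
    # above), so flag any reading that puts an IP literal in the NTS-KE role.
    warning = None
    if is_ip_literal(ke):
        warning = "NTS-KE host is an IP literal; TLS name check will likely fail"
    return Assoc(tok[0], ke, ntp, warning)

if __name__ == "__main__":
    # Constructed lines taken from the syntax proposals in the thread.
    for order, line in [("ke-first", "server ntp.example.com nts 1.2.3.4"),
                        ("ntp-first", "server 1.2.3.4 nts ntp.example.com"),
                        ("ntp-first", "server ntp.example.com nts 1.2.3.4"),
                        ("ntp-first", "pool some.pool.example.com nts nts.some.pool.example.com")]:
        print(order, "|", line, "->", parse_nts_line(line, order))
```

The third sample line is the first proposal's syntax read under the second proposal's order: the IP address lands in the NTS-KE role and the warning fires.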