Yo Achim!

On Thu, 31 Jan 2019 20:02:27 +0100
Achim Gratz via devel <devel@ntpsec.org> wrote:

> The RFC is underspecified w.r.t. pools in my opinion,

Yup.

> I think you'd
> need to reconnect to the NTS-KE, but at least need to re-key the TLS
> session

Why? To get new C2S and S2C?

> before asking for the next server in that scenario.

Which is the big issue. How does an NTPD client connect to an NTS-KE
and ask for a "next server"? The NTS-KE server has no state, so it has
no idea of next. The NTPD client has no way to tell the NTS-KE server
what servers it already has cookies for.

I suspect it is better for the NTPD client to ask the NTS-KE server for
"X" number of NTPD servers, but the protocol has no way to do that.

Next virtual meeting of the NTP WG is Feb 12. Maybe we should get some
of these issues on their agenda?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel