Yo Richard!

On Sat, 2 Feb 2019 17:52:57 -0600
Richard Laager via devel <devel@ntpsec.org> wrote:

> On 2/2/19 7:22 AM, Achim Gratz via devel wrote:
> > Eric S. Raymond via devel writes:
> >> *tlsport XXX* Contact the NTS-KE server on TCP port XXX.
> >>
> >> *ntpport YYY* Request an NTPD server on UDP port YYY.
> >>
> >> Can anyone explain to me a case in which these are not
> >> equivalent to explicit port prefixes on a server, ask, or require
> >> address?
>
> They're not. Do the port suffixes on the server/ask/require instead.

Except the standard says otherwise. The addresses specifically exclude
the port.

Yes we can translate our config file into the Proposed RFC format, but
every translation adds complexities, and potential errors. Directly
mapping the config to the RFC makes testing and validation much easier.

It is also common in other SSL/TLS implementations.

And we still have the wonderful confusion that both IPv6 and port
numbers use colons. That is a support nightmare...

> > I think you have that right. But I also think you can never use a
> > different UDP port than the one NTS-KE gave you anyway, so I don't
> > see why you'd even accept a port prefix on the ask/require
> > address.
>
> The client can request a port from the NTS-KE server as part of the
> server negotiation. That's why you take one on the ask/require
> address.

But what if you do not care about the address? Just the port? For
firewall and/or NAT reasons.

More unneeded complications.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel