Yo Achim! On Thu, 07 Mar 2019 21:13:47 +0100 Achim Gratz via devel <devel@ntpsec.org> wrote:
> Hal Murray via devel writes:
> > They are needed to use old cookies after restarting ntpd.
>
> I'd not go there. If you do a cold restart, you lose the
> cryptographic state, end of story.
Now imagine you are running ntpd for NIST, and you just did a restart.
Your 200k NTP requests per second now all stopped dead, and started
hammering on your NTS-KE server. Game over, you are dead.
> > A side benefit is that it enables something like a KE server for a
> > pool.
Once again. let's ignore the pool for now...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpJUC08Jveur.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
