Yo Hal! On Wed, 20 Mar 2019 03:45:21 -0700 Hal Murray via devel <devel@ntpsec.org> wrote:
> Is anybody else testing things?
I' waiting for Gentoo to have the required openssl version.
> I just fixed the cookie-key timer so that it actually rotates
> cookies. You need to delete your current cookie file
> at /var/lib/ntp/nts-keys
Cool.
> The timer is set to an hour rather than a day.
Good.
> So if your clients
> poll interval gets up to 1024, it will use some old cookies and after
> another hour the cookies will be too old and eventually run out and
> trigger the retry logic to run NTS-KE again.
Hmm....
What I am worried bout is inrush to the NTS-KE server.
Take the case of a NIST chimer doing 200k time requests a second.
If each of those clients is chiming every 64 seconds, that is 12,800 clients.
When that master key expires, then the NTS-KE will get 12,800 new cookie
requests in 64 seconds. Ouch. Gotta figure out how to spread that out a bit.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpcJiiKCbsjy.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
