One of the last changes to the draft NTS RFC was to change the string constant used to make the keys that are used to encrypt and authenticate the NTP+NTS traffic.
There isn't any easy way to make a backwards compatible update. The symptoms of incompatible versions are that the NTS-KE step will appear to work but the client and server will be using different keys so the NTP+NTS traffic won't work. The client will use up all 8 cookies then start over with another NTS-KE step. Old cookies will continue to work until you restart the client and it gets new cookies. I expect to be able to restart the server with nothing worse than dropping a packet or two. The Cloudflare servers were updated a while ago. (This is why they aren't working if you are using NTS.) Miroslav Lichvar (chrony) and I are planning to ship updated code and restart servers roughly Monday midnight, UTC. (Late afternoon, Pacific time.) I'll send another message when I've pushed the button. That's a rough time estimate. Christer Weinigel (Sweeden) will update his servers too, but I'm not sure when. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
