On 4/20/20 3:22 AM, Hal Murray via devel wrote: > > One of the last changes to the draft NTS RFC was to change the string > constant > used to make the keys that are used to encrypt and authenticate the NTP+NTS > traffic. > > There isn't any easy way to make a backwards compatible update. > > The symptoms of incompatible versions are that the NTS-KE step will appear to > work but the client and server will be using different keys so the NTP+NTS > traffic won't work. The client will use up all 8 cookies then start over > with > another NTS-KE step. > > Old cookies will continue to work until you restart the client and it gets > new > cookies. I expect to be able to restart the server with nothing worse than > dropping a packet or two. > > The Cloudflare servers were updated a while ago. (This is why they aren't > working if you are using NTS.) > > Miroslav Lichvar (chrony) and I are planning to ship updated code and restart > servers roughly Monday midnight, UTC. (Late afternoon, Pacific time.) I'll > send another message when I've pushed the button.
By Monday, do you mean today (in which case midnight UTC has passed but maybe you mean what is technically Tuesday 00:00) or a week from now? Is the patch available now? If so, can you share it? Is there a particular reason that the code push (as opposed to operational deployment) needs to be super tightly coordinated? If not, can you just push it now? -- Richard
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
