I just pushed code to save 10 NTS keys used to make cookies. That will let clients that only probe once a day work without going back to NTS-KE to get new cookies.
I don't expect troubles, but please test. The old code only saved 2 keys, the current one and the previous one. Keys are rotated every 24 hours. With one old key, cookies are guaranteed to be valid for 24 hours. With 8 cookies, that works fine with a polling interval of up to 24/8 or 3 hours. That's fine for normal ntpd operations but won't work cleanly when a client does something like polling from a daily cron job. 2 new counters have been added to ntpq/ntsinfo NTS decode cookies: 6080 NTS decode cookies old: 0 NTS decode cookies old2: 0 NTS decode cookies older: 0 NTS decode cookies too old: 0 The first slot is used for cookies using the current key -- less than 24 hours old. The second slot is used for cookies that are 0-24 hours old. It's normal to see that. If you have 8 cookies made with the current key and the server makes a new key, then your cookies are now setup to use the previous key which is the second slot. The third slot is for cookies 24-48 hours old. The 4th slot is for cookies that are 2-9 days old. I've seen a few hits on the 24-48 hour slot in a pool server. In case anybody is ever working in this area, you can change the #define constant for making a new cookie every day to every hour. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
