The RFC is close to getting published.
Do you know about it? Any thoughts about how to get the pool to support it?

In case you and/or others aren't familiar with it, here is a rough description. Details here:
https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/

The idea is to prevent bad guys from forging replies. It doesn't say anything about the server you are talking to providing good time, just that the answer came from the server you expect.

It uses a TLS connection to an NTS-KE server to get several cookies and set up encryption keys. Then individual NTP request/response packets are authenticated.

The NTS-KE server needs a certificate. Let's Encrypt works fine.

TLS uses TCP and the client needs the host name as used in the certificate. So the pool will have to return something other than A or AAAA records.

There was some discussion on the IETF NTP list a few weeks ago. No consensus was reached.

Subject: [Ntp] NTP pool and NTS brainstorming
https://mailarchive.ietf.org/arch/msg/ntp/RlWnEHLUQL67cW_foXIT3KhkXeE/

Subject: [Ntp] Draft on using NTS with the pool
https://mailarchive.ietf.org/arch/msg/ntp/zokbJFLAxlSPqJcuMEteT_AL8gA/

--
These are my opinions. I hate spam.
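
Added example, not part of the original message: a parser for the record stream an NTS-KE server returns over TLS, showing where the cookies and the NTP server's host name and port arrive. The record layout and type numbers are taken from the NTS specification (RFC 8915); the response bytes and the host name ntp1.example.net are constructed.

```python
import struct

# NTS-KE record types per the NTS specification (assumption: not from the post)
END, NEXT_PROTO, ERROR, WARNING, AEAD, COOKIE, SERVER, PORT = range(8)

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def parse_nts_ke(data):
    """Parse an NTS-KE response that was already read from the TLS stream."""
    out = {"next_proto": [], "aead": [], "cookies": [], "warnings": [], "server": None, "port": None}
    pos, ended = 0, False
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", data, pos)
        critical, rtype = bool(head & 0x8000), head & 0x7FFF
        body = data[pos + 4 : pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 4 + length
        if rtype == END:
            ended = True
            break
        elif rtype == ERROR:
            raise ValueError("server sent error record: " + body.hex())
        elif rtype == WARNING:
            out["warnings"].append(body.hex())
        elif rtype in (NEXT_PROTO, AEAD):  # lists of 16-bit identifiers
            ids = [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]
            out["next_proto" if rtype == NEXT_PROTO else "aead"] = ids
        elif rtype == COOKIE:              # opaque to the client, one per record
            out["cookies"].append(body)
        elif rtype == SERVER:              # host name or address of the NTP server
            out["server"] = body.decode("ascii")
        elif rtype == PORT:
            out["port"] = int.from_bytes(body, "big")
        elif critical:                     # unknown critical record: must not proceed
            raise ValueError("unrecognized critical record %d" % rtype)
    if not ended:
        raise ValueError("missing End of Message record")
    return out

# Constructed sample response: protocol 0 (NTPv4), AEAD 15 (AES-SIV-CMAC-256),
# two cookies, then the NTP server and port the client should use.
SAMPLE = (record(NEXT_PROTO, b"\x00\x00", True) + record(AEAD, b"\x00\x0f")
          + record(COOKIE, b"\x01" * 100) + record(COOKIE, b"\x02" * 100)
          + record(SERVER, b"ntp1.example.net") + record(PORT, b"\x00\x7b")
          + record(END, critical=True))
```

The server and port records are optional; when they are absent the client sends NTP to the same host it used for NTS-KE, on the default NTP port.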
