Re: [chrony-dev] Experimental NTS support


On Sun, Jun 30, 2019 at 10:41:04PM -0500, Lonnie Abelbeck wrote:
> While reading about NTS, possibly my thinking is misguided, but NTS seems overly complicated.
> 
> I'm a big fan of Jason Donenfeld's WireGuard [1], and wondered how wrapping NTP with WireGuard would affect delay/accuracy.

I like WireGuard and use it, but I'm not sure if it's really
comparable to what NTS is trying to do. The main point of NTS is that
the server is stateless, so it can provide a (public) service to
millions of clients at the same time. How would you do that with
WireGuard?

I think a better comparison would be with the old NTP symmetric key
authentication. From the user's point of view the configuration is about
the same and the stronger protection of WireGuard doesn't seem to be
necessary as the client/server mode of NTP is resilient against replay
attacks. I may be missing an important detail here.

> Simultaneously I established both an unencrypted NTP path and an NTP path within a WireGuard tunnel, all else being equal.

> MS Name/IP address         Stratum Poll Reach LastRx Last sample               
> ===============================================================================
> ^+ 10.4.0.88                     2  10   377    82  -1279us[-1279us] +/-   31ms
> ^* <vultr public ip>             2  10   377   602  -1950us[-1935us] +/-   30ms

A sourcestats output at a shorter polling interval might give more
interesting data.

-- 
Miroslav Lichvar
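
The stateless-server property mentioned in the message above, shown as an added example that is not part of the original mail and is not chrony's code: NTS gets there with cookies, where the server seals each client's session keys under its own master key, hands the result to the client, and recovers the keys from the cookie the client sends back with a request. The `Server` type and its methods are hypothetical names, AES-GCM from the Go standard library stands in for the AEAD that NTS uses, and the keys are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Server struct{ aead cipher.AEAD } // one master key, no per-client table

func NewServer(masterKey []byte) (*Server, error) {
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Server{aead: aead}, err
}

// MakeCookie seals the client's session keys (c2s, s2c) under the master key.
func (s *Server) MakeCookie(c2s, s2c []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, append(append([]byte{}, c2s...), s2c...), nil), nil
}

// OpenCookie recovers the session keys from a cookie sent back by a client.
func (s *Server) OpenCookie(cookie []byte, keyLen int) (c2s, s2c []byte, err error) {
	n := s.aead.NonceSize()
	if len(cookie) < n {
		return nil, nil, fmt.Errorf("cookie too short")
	}
	pt, err := s.aead.Open(nil, cookie[:n], cookie[n:], nil)
	if err != nil || len(pt) != 2*keyLen {
		return nil, nil, fmt.Errorf("invalid cookie")
	}
	return pt[:keyLen], pt[keyLen:], nil
}

func main() {
	srv, _ := NewServer(bytes.Repeat([]byte{0x42}, 32)) // constructed master key
	cookie, _ := srv.MakeCookie(bytes.Repeat([]byte{1}, 32), bytes.Repeat([]byte{2}, 32))
	c2s, s2c, err := srv.OpenCookie(cookie, 32)
	fmt.Println(len(cookie), c2s[0], s2c[0], err)
}
```

Any server instance that holds the same master key can open the cookie, which is what lets the service scale without tracking clients; a tunnel such as WireGuard instead keeps a configured peer entry and session state per client.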