Re: [chrony-users] Using HTTPS date as constraint

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


On Thu, Nov 28, 2019 at 07:59:24PM +0100, A L wrote:
> In the OpenBSD NTP(*) implementation it is possible to use the HTTP date function to set a constraint to which the client can validate the NTP responses. I believe that you call it Extra timestamp validation(*).
> 
> Are there any plans to support this mode in Chrony, or a way to get equivalent validation of the NTP responses? 

There is no plan to support the HTTPS date in chrony.

The plan is to support the Network Time Security (NTS) authentication.
It should be able to scale to very large numbers of clients and the
impact on accuracy should be minimal.

If you would like to test it, chrony with an experimental support is
here:
https://github.com/mlichvar/chrony-nts

There are some public servers with NTS support. In chrony.conf they
can be specified as:

server nts-test.strangled.net nts ntsport 443 iburst
server time.cloudflare.com nts ntsport 1234 iburst
server ntp1.glypnod.com nts ntsport 123 iburst
server nts.ntp.se nts ntsport 4443 iburst

Please let me know if you see any issues.

-- 
Miroslav Lichvar


--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/