Re: [chrony-users] NTS fallback?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ] 

Hello Christoph,

The idea is to prevent so-called "bidding down" attacks. I.e., instead of trying to attack the protection mechanisms, the idea of such stracks is to get the client to simply not use them. Not falling back to NTP without NTS when NTS fails is a way to avoid that, i.e., is fully intended.

Kind regards

Joachim

07.08.2025 22:22:03 Christoph Schittel <christoph.schittel@xxxxxxxxx>:

> Hello!
> 
> When a server directive is specified with "nts" this server is only queried when nts service is working on this server.
> Is there no fallback to unauthenicated time transfer for servers with nts option given? Like when nts services are failing or temporarily disabled on the server.
> 
> I know about "authselectmode", but this is only working between different queried servers, authenticated and not authenticated.
> 
> regards
> Christoph
> 
> -- 
> To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
> For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
> Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/