Re: [chrony-users] NTS fallback? |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] NTS fallback?
- From: kross@xxxxxxxxxxxxxxxxxxxx
- Date: Thu, 7 Aug 2025 23:20:42 +0200 (GMT+02:00)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kaffeeschluerfer.com; s=s31663417; t=1754601646; x=1755206446; i=kross@xxxxxxxxxxxxxxxxxxxx; bh=HmlG69GOSaWEILQc2LFyveVy1h58EBIFnDWPA54GtiU=; h=X-UI-Sender-Class:Date:From:To:Message-ID:In-Reply-To:References: Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=N9QSXaqEY13MJuII/BOPQaEjmURzhok0cfaKTTbJEHqqR3V9V1V8cFHqTBfAFpV8 0fVBUG8bgajBUmRQ3QozzF4bNpzQjFGDKJC5fIGauUeM7hFNDrWeQ5Xs9J+RRk2CF x+7MJb+woxf1gEQADDLOH0q2SZke63nKOjA4RJ4RzN3OUogYS3u9IRj0Swx/IveDj AkLxWzv9g3ArQhyNnnS1BdsMfyswxbwwbJX0cBzbxu4fydi2mPK0paaEfc798zOap 0SxGKM0+3IuGArXFB0sG7O/UDxmYGdFqn5mge0Fc5UEJfSxZUIhOSC6lGNimmPYLm q4/C0lgQdZhAa38ZVA==
- Ui-outboundreport: notjunk:1;M01:P0:11Qc8cftulc=;VheK1yN5kyy4gNQip6TTSWPD220 MxkH/WwrmgWF9makrfNelqXxvgvbb6w814Uy5aurR7y4pl8bIHLSOtfjravqlnTQYoexejVsX NAzRI90CItKCRgHwfwMY79/RpibX8p1Tvu0LbHIi58zJuZSBIWcrNF7RDZqWo/PC96jRZtkj4 iZCB4lXvwNYyvET5twnU989luPlSmG+SUOmOc36r+iwZWJI5U58ExMhM/3OvmkZ40++9fBpTv x/FXhdIRrcsFPM49Iekb0GTKP6XjH842XlumHEIcZo0iciYayVYwWFFQFcl7L3o5HJw1GA908 5HvizerLvgpfbNgaCwasDwZ3qehjM6YQt+fqoSSD3f/Xx4FjCssGrvhVq7FB8PkR5oInvm85F ZCkIfEst212wU73TwZ2Mqqy0neWfL8O7fR8e1eS0fm3S0X7kU7yIOj/Opg2DZWHV/tSx3/sN3 qNpiIA7Erj7MsCX8pSYcg3jte99GpEkglgHEqBwq79Mhl87sBa7u8Le6vvBoD2UtPXjNgzahB cYB7Ot+fOiFeGQLxfzmlKyIE++D773tbCc7EmNOkZH9pruMY1fjEZvrLbL02Zd5FPCjsYdb2O lu6ouA4XHgeZFsDst+N0yrJmIO5KNJ1IuuXCUOB3Ks9JyMfZHu+F+01QMCeasCRFuqF/ChBLv l1fDtsHAhJXFB1x0KpQlL2OXNGIWFz0mzNZU+oNyWGbAr2Q1tQiLEJrtqlZSF9cktjNAyrRNG s9nX7C/705Sk/gaUX48kvy6CrcZzDCfl6XzX+YOTYA9yT35z4lxuQGnsCRG9zTzFcZE/bUSOX HxSFsGzoIiE14TAIdpJf/cANQPTgnHrP0wdK7FFj/K7bUC+Q3wceM6r0vq9qC1xg8BRxzDCW2 CcWAvtlvhjcyJJiQ/qbeiouiwBQS0NhZCH1/E+WuGndVTgD+JloxY7sU4+QjGKMsTb51f1rP5 sSkKv7pf2PlWAkeHSMLLGwo1XX5qkANlnUr+3SnRSu1rjMif1M3ocdB+INf6HBMG8JwEmrYbn Y1sMLCcc4q05RF78XJlHewsdv4WBKZupwlgZC5AeuY3xKm8Mm1ZJr6cgyY8CW3TdcVK5srYzn ptA/FRh/lRuJsuIXmTaz4AH9uLAn+uYTnouu6jQi9aDIDr2MkpvEWRWOTgxzrJttn8nt17hjT KlRij0CUhXxZxJvw/xpMpmpQpv62BdRQOjhuynSDgJMAJ4jCDsw4hdalTfw4B1cyadtUs/zbk ZpCOWD9zzz6i/YMt8Vml2HedECQTQiZc1K5Phz0QxVRwZcXjdFzblWcShlYdV91pvrWqSX9+O BNOgGNhAIgdxwMbcxI1hNCn/7JgSffXhJ5cF5rNwuTYpHacxosz/McV6pXMrTEI2wCluROyPg E5d2yOaIjcz8cdFjZPx+jprb2sc9M/dFBfI0OKVDWdIxOWYWVxmzbiG+zwHiaQTxshiUV9hYQ D1Gk05xOk5Hz3BuxLGRdE/aq0FVieCNlFu+gkFtWcz3PnSudLYtObjTAVeMCbQx81Jyrwn4Ed Y1bRwz+L5SbSEREofE0ariZCabYcXKE7XWAjds323a1mIKgB8LpbcOoV01a8zz2N2UVEx011k AsEO+b+BVluRPJho4mqvFwcxq2XQodcAvrVwY17MoCCfANOuTp3/725+LXOwvyzr8G8wJpavD 9zYzNpeXLLkz8YerVPLMaPvVxwsnRllAYWKTvF464jgAxfvNtkNVtUmcC7G2ifcDt+hPFFhJa lFg3VDw8wIjOKg/ieIpHSn0flyx+09+T6JYhxBSZwRIaAULGccF9TO2tcVPVVrUOvJUn9DaDB kQ64CJ3XiRbmKC1/pow6j9EX9C308mapr0s1O7Nj7SCLSqxnccfxrQNEJv2EhZP6x4cbkPinF K5cJTQ/pT+UKRgO4zmxXrYbgqGQR35QvTjbzYHK5JLKxLeMhLlKUDeIgOfJJc1REGpsHvWV6P WXsmQefW06dzTU/hpZqAKAs7hgbUnrOpNNpTgDE+c8tLHqTUggZ0aRunEE5D+piHA1OJkVjC7 stoYVIdx3jIxa2sKG5XyPyMtFOXP6BMLot2+P5qTYGA5kyf90NZLe+1oc7cRqqLcFpsX/UhDy uU/M20tsnUzHppq7EvWwb2g6gVfjlhJtYJgwgc6gCJbQjFHPV3KiajWeKh5N4DHkHBXMxecVb 9Uc2YknDvxsn2ertkDk5ZhFTfX0kS50EQTK9Shwuft4HI9BvvM/7ZUQornxS+NTqvwc0oMKw7 UODZFTKuIvaYAOEdbLluyuO4ue1OGz/als3izmvzeswW2+d6MM6OA4SrlFm3s+vvFErJ1VM4e OkY1LwGOq5GWNeudcjVWdyoeHiJtG5QE1lfFi5IyuODyvZ2yGF0DU3EIqzw9u885UxO+mAEIj ojJxh6BKivnNugQvC7/K4t589VXhcDb+JCkrGBx91XIEdb4IXHzaqLwU0aG/+6XoiE+oqvzld QCLDtAyCOPUkZvjrlVPTG9R2vXzLnyKTK46aiPReStrSugnKKPHykmHVAAlFFdbW2VEZXOEzZ icd0nTteu8k3mS4xfPcNKR36A7zKJdNlasZZT0UkrLtKU/g8Z8HBGULpbZgEzQXhH2hY2xJ1v uK1bk9uPZGzOPtq1URn5m17R/BbCRL1WEYHdhtR6lUF/cRg6R+Swbn8U/xl4dE8rP6GXn8Rh2 3esSGm3+RXzlCOe47a2S0WxasW5g3h9WxlTtvw0zuFJFPYMCtsDSEqVad6lR9Qq32TaK2Df0e PNustsGujwusclOD4acpHFk2YeKHkbIBo5/FDHLQjMuPgO4y0x0jLNk6EXqvexeraCCMrBeBZ JvQkQad5rVPRD8uQWwbb2A5CHI9ikTB2QcHNiFAi/WOCvIzQggWBps2L97XuzW/qaZ3zmTChU nunTBSd0Q4b7VzCdPtyAAFB9izhE3oI3+TZBHQdED1FiHkDr9KFG7hCkzJEVHED3y/Ns1WUnK 1+zC2+jZTZ4BUq+71d7SKQT7pKJq7xjROm65HlHYo5LNNuPw1+OVAJcQ41RiOEHcnh945Dhu/ sF8DRucGxnuFpHtcm78RjbkGRncWpcQaH8GjTR34oxuiWM8VB083Ikn/y/kwqu7gLvsc7EceZ A99B1SHbKPeij7q1n8nWyGRvN+vWZSL3rY0z7xtXIAwcGx8RpkVY744rCOJfvIFaLrCH4NBeb vo3HXKpA+21w8ZSxid7DC8lOCkdxLsnUQFKVOiXV84QLG0utOZvcxt2sV4tl0yq2iuKA=
Hello Christoph,
The idea is to prevent so-called "bidding down" attacks. I.e., instead of trying to attack the protection mechanisms, the idea of such stracks is to get the client to simply not use them. Not falling back to NTP without NTS when NTS fails is a way to avoid that, i.e., is fully intended.
Kind regards
Joachim
07.08.2025 22:22:03 Christoph Schittel <christoph.schittel@xxxxxxxxx>:
> Hello!
>
> When a server directive is specified with "nts" this server is only queried when nts service is working on this server.
> Is there no fallback to unauthenicated time transfer for servers with nts option given? Like when nts services are failing or temporarily disabled on the server.
>
> I know about "authselectmode", but this is only working between different queried servers, authenticated and not authenticated.
>
> regards
> Christoph
>
> --
> To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
> For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
> Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.