Re: [Ntp] Getting started using NTS -- clock accuracy vs certificates

Miroslav Lichvar <mlichvar@redhat.com> Tue, 02 August 2022 15:00 UTC

Date: Tue, 02 Aug 2022 17:00:33 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Danny Mayer <mayer@pdmconsulting.net>
Cc: Hal Murray <halmurray@sonic.net>, ntp@ietf.org
Message-ID: <Yuk8ER59PMxb8SxD@localhost>
References: <mlichvar@redhat.com> <YueT8bAiTeM+nTZv@localhost> <20220801210637.D395628C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <YujtTu1YYEvhg2Hv@localhost> <21466cc0-dbdb-102c-2886-46c7b22d1348@pdmconsulting.net> <31ef4988-c6c5-37f2-8221-e9f3bb1a450b@pdmconsulting.net>
In-Reply-To: <31ef4988-c6c5-37f2-8221-e9f3bb1a450b@pdmconsulting.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/-oNmytEenX8sAIH1llP1vG9fLZQ>
Subject: Re: [Ntp] Getting started using NTS -- clock accuracy vs certificates
List-Id: Network Time Protocol <ntp.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>

On Tue, Aug 02, 2022 at 10:25:29AM -0400, Danny Mayer wrote:
> I forgot to add that you should not be using IP addresses in your
> configuration of NTP Servers. Addresses can and will change and those
> servers can be retired. The example of the Australian server being retired
> and the address continuing to be bombarded with NTP requests for years
> afterwards comes to mind. Publicly available NTP servers are at the whim of
> the operators of those servers.

I think it's safe to assume only servers that are expected to keep
their address will have the address in their certificate.

I'm sure there are organizations that can do that.

The Google DNS anycast address 8.8.8.8 has been working for 13 years.

-- 
Miroslav Lichvar
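The point above, that a server configured by IP address only works if that address appears in its certificate, comes down to the TLS server-name check a client performs when it connects to the NTS-KE port. The following Go program is an added illustration, not code from this thread or from any NTP implementation: it builds two self-signed leaf certificates with Go's crypto/x509 (one carrying an iPAddress subjectAltName, one carrying only a dNSName) and runs the same name check crypto/tls applies during a handshake, for a client configured by address and for one configured by hostname. The server address 203.0.113.10 and the hostname nts-ke.example.net are constructed placeholders; no real server is involved, and the self-signed certificate stands in for whatever an operator's CA would issue.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"log"
	"math/big"
	"net"
	"time"
)

// makeCert builds a short-lived self-signed leaf certificate for a
// hypothetical NTS-KE server. dnsNames and ips populate the subjectAltName
// extension (dNSName and iPAddress entries respectively). Assumption: this
// stands in for a CA-issued certificate; the chain itself is not checked here.
func makeCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "nts-ke.example.net"}, // constructed
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames,
		IPAddresses:  ips,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// serverNameAccepted reports whether a client whose configuration names the
// server as `server` (a hostname or an IP address literal) would pass the
// server-name check on cert. This is exactly what crypto/tls does with
// tls.Config.ServerName when InsecureSkipVerify is false: a hostname must
// match a dNSName SAN, an IP literal must match an iPAddress SAN.
func serverNameAccepted(cert *x509.Certificate, server string) bool {
	return cert.VerifyHostname(server) == nil
}

func mustCert(dnsNames []string, ips []net.IP) *x509.Certificate {
	c, err := makeCert(dnsNames, ips)
	if err != nil {
		log.Fatal(err)
	}
	return c
}

func main() {
	ip := net.ParseIP("203.0.113.10") // constructed (TEST-NET-3) address
	withIP := mustCert([]string{"nts-ke.example.net"}, []net.IP{ip})
	dnsOnly := mustCert([]string{"nts-ke.example.net"}, nil)

	cases := []struct {
		label string
		cert  *x509.Certificate
	}{
		{"iPAddress + dNSName SAN", withIP},
		{"dNSName SAN only", dnsOnly},
	}
	for _, c := range cases {
		fmt.Printf("%-24s configured by IP: %-5v configured by hostname: %v\n",
			c.label,
			serverNameAccepted(c.cert, "203.0.113.10"),
			serverNameAccepted(c.cert, "nts-ke.example.net"))
	}
}
```

The second certificate is the usual case for a public server: a client pointed at it by hostname accepts it, a client pointed at it by address is refused at the handshake, so a server that wants to be reachable by a fixed address has to get that address into the certificate, which is the commitment the message above describes.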