[ntp:questions] Problem using ntp autokey with the trusted certificate identity s cheme

David Mills mills at udel.edu
Mon Feb 9 18:39:22 UTC 2009


Richard,

I need to be very explicit. The protocol has not changed; however, there 
are configurations involving multiple trusted groups the older version 
could not handle but the newer one can. The problem is that the release 
version has some files of one age and others of far older ages. Thus, 
there could be problems with interactions between files of different 
ages. I wish this would all go away and the development code, now 
several months old, would replace the release, but I don't maintain the 
release versioni and I defer to those that do.

Dave

Richard B. Gilbert wrote:

>Martin Burnicki wrote:
>  
>
>>Dave,
>>
>>David Mills wrote:
>>    
>>
>>>Alain,
>>>
>>>You are apparently using the release version of ntpd. That version,
>>>while dated early this year, has a patchwork of old and new algorithms.
>>>This means that, while the algorithms have been compatible as the
>>>versions progress, various combinatinos of old and new algorithms, as in
>>>the current release version, probably are not. The only version I can
>>>help you with is the development version, which does have compatible
>>>algorithms. I put a good deal of effort in the documentation for the
>>>development version, including configuration and key generation
>>>examples. However, note that the online dodumentation applies only to
>>>the development version, not the release version. In any case, the
>>>codumentation included in your version appllies specifcally to the
>>>softeare of your version.
>>>
>>>If using the development version, pay close attention to the defaults,
>>>especially the default host name and key. I suspect the defaults are not
>>>what you expect.
>>>      
>>>
>>Does this mean the current release version and the current ntp-dev version
>>(which will be the next release version) will not cooperate properly if
>>autokey has been enabled?
>>
>>    
>>
>
>Having been around the track a time or three, I wouldn't count on the 
>two versions being able to interoperate using autokey!
>
>If they do there should not be a problem.  If they do not, then the 
>newer version will have to interogate each system it talks to and 
>determine whether "newspeak" or "oldspeak"  should be used.  And this 
>means that "newspeak" versions will have to recognize and respond to 
>this query.
>
>There is MUCH to be said for GETTING IT RIGHT THE *FIRST* time!
>
>_______________________________________________
>questions mailing list
>questions at lists.ntp.org
>https://lists.ntp.org/mailman/listinfo/questions
>  
>




More information about the questions mailing list