[ntp:security] Ephemeral time servers

Harlan Stenn stenn at nwtime.org
Sat Jan 9 04:32:33 UTC 2016



On 1/8/16 7:45 PM, Danny Mayer wrote:
> On 1/8/2016 6:35 PM, Harlan Stenn wrote:
>> What is the use case for getting time from an ephemeral server, or from
>> ephemeral servers?
>>
> 
> What does that even mean? How do you even know that the server exists
> and is available?

If B says "peer A" and A has no line about server B, then a passive
association is spun up.

If authentication is used, then even if a host says "restrict ...
nopeer", an association *will* be spun up because NOPEER does not apply
to authenticated messages.

This conversation may soon have to become encrypted.

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!



More information about the security mailing list