[ntpwg] Issues with the NTP draft -06

Heiko Gerstung heiko.gerstung at meinberg.de
Mon Jun 25 14:29:05 UTC 2007


Steve Kostecke wrote:
> Heiko Gerstung said:
>
>   
>> Steve Kostecke wrote:
>>
>>     
>>> Heiko Gerstung said:
>>>
>>>       
>>>> Using a public host key of the server would work as well. But I do
>>>> not see that this helps in preventing loops, the only benefit I
>>>> could see is if a server would carry all those unique IDs of all
>>>> servers between the stratum 0 source and itself around and pass that
>>>> list on to its downstream servers/clients. That would enable us to
>>>> provide a "time trail" or a solution to the "traceable time" stuff.
>>>>         
>>> Autokey, when properly configured, provides exactly this capability.
>>>       
>> Sounds great. Is there any tool or utility out there that can show me
>> the exact trace for an instance of ntpd?
>>     
>
> If you're looking for something that will pretty-print the certificate
> trail, or shrink-wrap it in a GUI, the answer is no. However all of the
> raw data is available.
>
> A snapshot of the certificates held by ntpd is displayed in the 'ntpq
> -crv' output (ntpq -c"rv 0 cert" displays just the certificates).
>   
That would mean that I could see a bunch of certificates from all the 
servers in the autokey hierarchy. Is there a chance or a collection of 
data that shows me what exactly the hierarchy looks like (i.e. which 
server is getting the time from whom)?

> The cryptostats log file provides a log of certificate receipt, etc.
>   
Log files are great for finding out what has happened when but I do 
think they are useful for determining the current status of something.

>> To: Steve Kostecke <kostecke at ntp.org>
>> Cc: ntpwg at support.ntp.org
>>     
>
> Please send your replies TO: the list and refrain from CC:ing me
Done. Sorry, my mail client seems to like it better the other way around.

Regards,
Heiko


