[ntpwg] Issues with the NTP draft -06

Steve Kostecke kostecke at ntp.org
Mon Jun 25 15:03:01 UTC 2007


Heiko Gerstung said:

>Steve Kostecke wrote:
>
>> Heiko Gerstung said:
>>
>>> Sounds great. Is there any tool or utility out there that can show
>>> me the exact trace for an instance of ntpd?
>>
>> A snapshot of the certificates held by ntpd is displayed in
>> the 'ntpq -crv' output (ntpq -c"rv 0 cert" displays just the
>> certificates).
>
>That would mean that I could see a bunch of certificates from all the
>servers in the autokey hierarchy.

Yes.  You'll see something like this:

cert="lan_server root_server 0x6", expire=200806241435,
cert="root_server root_server 0x7", expire=200805112155,
cert="client lan_server 0x6", expire=200806241442,
cert="client lan_refclock_server 0x6", expire=200806241442,
cert="lan_server lan_server 0x7", expire=200806182029,
cert="lan_refclock_server lan_refclock_server 0x7", expire=200805102346,
cert="client client 0x2", expire=200805311052

>Is there a chance or a collection of data that shows me what exactly the
>hierarchy looks like (i.e. which server is getting the time from whom)?

That's the job of the non-existent pretty-printing utility. The
collection of certs above shows two certificate trails:

Trail #1: client -> lan_server -> root_server

cert="client client 0x2"		# self-signed client
cert="client lan_server 0x6"		# client signed by lan_server
cert="lan_server lan_server 0x7"	# self-signed lan-server
cert="lan_server root_server 0x6"	# lan_server signed by root_server
cert="root_server root_server 0x7"	# self-signed root_server

Trail #2: client -> lan_server_with_refclock

cert="client client 0x2"
cert="client lan_server_with_refclock 0x6"
cert="lan_server_with_refclock lan_server_with_refclock 0x7"

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project http://support.ntp.org/
Public Key at http://support.ntp.org/Users/SteveKostecke
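
An added example, not part of the original message or of the NTP distribution: a Python script that rebuilds the certificate trails from the cert= listing shown in the message. It assumes each entry reads "subject issuer flags", as the message's annotations indicate, and that expire is a fixed-width timestamp that sorts as text; the function names are hypothetical.

```python
import re

# Sample output copied from the 'ntpq -c"rv 0 cert"' listing in the message above.
SAMPLE = """\
cert="lan_server root_server 0x6", expire=200806241435,
cert="root_server root_server 0x7", expire=200805112155,
cert="client lan_server 0x6", expire=200806241442,
cert="client lan_refclock_server 0x6", expire=200806241442,
cert="lan_server lan_server 0x7", expire=200806182029,
cert="lan_refclock_server lan_refclock_server 0x7", expire=200805102346,
cert="client client 0x2", expire=200805311052
"""

# Assumed entry layout: cert="<subject> <issuer> <flags>", expire=<12 digits>
CERT_RE = re.compile(r'cert="(\S+) (\S+) (0x[0-9a-fA-F]+)",\s*expire=(\d{12})')


def parse_certs(text):
    """Return {(subject, issuer): (flags, expire)} for every cert entry."""
    return {(s, i): (int(f, 16), e) for s, i, f, e in CERT_RE.findall(text)}


def trails(certs, start):
    """Follow issuer links up from start; return (path, ends_self_signed, earliest_expire)."""
    issuers = {}
    for subject, issuer in certs:
        if subject != issuer:
            issuers.setdefault(subject, set()).add(issuer)
    found = []

    def walk(path):
        node = path[-1]
        # Ignore issuers already on the path so a signing loop cannot recurse forever.
        parents = sorted(issuers.get(node, set()) - set(path))
        if not parents:
            used = [(a, a) for a in path] + list(zip(path, path[1:]))
            expiries = [certs[k][1] for k in used if k in certs]
            found.append((path, (node, node) in certs, min(expiries, default=None)))
        for parent in parents:
            walk(path + [parent])

    walk([start])
    return found


if __name__ == "__main__":
    for path, rooted, expire in trails(parse_certs(SAMPLE), "client"):
        print(" -> ".join(path), "| self-signed end:", rooted, "| earliest expire:", expire)
```

A trail whose last host has no self-signed certificate in the listing is reported with ends_self_signed set to False, which marks a trail the snapshot cannot complete.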

