Release of the NTP servers NTPsec 1.2.0 and Chrony 4.0 with support for the secure NTS protocol

The IETF (Internet Engineering Task Force), which develops Internet protocols and architecture, has completed the formation of an RFC for the NTS (Network Time Security) protocol and published the related specification under the identifier RFC 8915. The RFC received the status of "Proposed Standard", after which work will begin on giving the RFC the status of a Draft Standard, which in effect means full stabilization of the protocol with all comments made taken into account.

Standardizing NTS is an important step toward improving the security of time synchronization services and protecting users from attacks that imitate the NTP server the client connects to. An attacker's ability to set an incorrect time can be used to compromise the security of other time-aware protocols, such as TLS. For example, changing the time can lead to misinterpretation of the validity data of TLS certificates. Until now, NTP and symmetric encryption of the communication channel did not make it possible to guarantee that the client is interacting with the intended server and not a spoofed NTP server, and key authentication has not become widespread because it is too complicated to configure.

NTS uses elements of public key infrastructure (PKI) and allows TLS and AEAD (Authenticated Encryption with Associated Data) to be used to cryptographically protect client-server communication over NTP (Network Time Protocol). NTS includes two separate protocols: NTS-KE (NTS Key Establishment, which handles initial authentication and key negotiation over TLS) and NTS-EF (NTS Extension Fields, responsible for encryption and authentication of the time synchronization session). NTS adds several extension fields to NTP packets and stores all state information only on the client side, using a cookie mechanism. Port 4460 is allocated for handling connections over the NTS protocol.
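The NTS-KE exchange described above leaves the client with an agreed AEAD algorithm and a set of cookies. As an added example (not code from NTPsec, Chrony or the original article), this Python parser reads an NTS-KE server response using the record layout and record type numbers from RFC 8915 and applies the checks a client needs before using the cookies. The function names and the sample bytes are constructed for illustration, and the TLS layer that carries the message is assumed to be handled elsewhere.

```python
import struct

# Record types and IDs as assigned by RFC 8915 and the IANA AEAD registry.
END, NEXT_PROTO, ERROR, WARNING, AEAD, COOKIE, SERVER, PORT = range(8)
NTPV4, AEAD_AES_SIV_CMAC_256 = 0, 15

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def parse(msg):
    """Split an NTS-KE message into (critical, type, body) tuples; reject bad framing."""
    out, off = [], 0
    while off < len(msg):
        if len(msg) - off < 4:
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", msg, off)
        body = msg[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("record body runs past end of message")
        out.append((bool(head & 0x8000), head & 0x7FFF, body))
        off += 4 + length
        if out[-1][1] == END:
            break
    if not out or out[-1][1] != END or off != len(msg):
        raise ValueError("message must end with a single End of Message record")
    return out

def accept_response(msg, offered_aead=AEAD_AES_SIV_CMAC_256):
    """Return the cookies from a server response, or raise if it must not be used."""
    ids, cookies = {}, []
    for critical, rtype, body in parse(msg):
        if rtype == ERROR or (critical and rtype > PORT):
            raise ValueError("Error record or unknown critical record (type %d)" % rtype)
        if rtype in (NEXT_PROTO, AEAD):
            ids[rtype] = struct.unpack("!%dH" % (len(body) // 2), body)
        elif rtype == COOKIE:
            cookies.append(body)
    if NTPV4 not in ids.get(NEXT_PROTO, ()):
        raise ValueError("server did not agree to NTPv4")
    if ids.get(AEAD) != (offered_aead,):
        raise ValueError("server chose an AEAD algorithm that was not offered")
    if not cookies:
        raise ValueError("no cookies, so no authenticated NTP request can be built")
    return cookies

# Constructed sample response (placeholder cookie bytes), not captured traffic.
SAMPLE = (record(NEXT_PROTO, b"\x00\x00", True) + record(AEAD, b"\x00\x0f")
          + record(COOKIE, b"\xaa" * 8) + record(COOKIE, b"\xbb" * 8) + record(END, critical=True))
```
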


The first implementations of the standardized NTS are offered in the recently published releases NTPsec 1.2.0 and Chrony 4.0. Chrony provides an independent NTP client and server implementation that is used to synchronize time in various Linux distributions, including Fedora, Ubuntu, SUSE/openSUSE, and RHEL/CentOS. NTPsec is developed under the leadership of Eric S. Raymond and is a fork of the reference implementation of the NTPv4 protocol (NTP Classic 4.3.34), focused on reworking the code base to improve security (cleaning out obsolete code, using attack-prevention methods, and protected functions for working with memory and strings).

Source: opennet.ru
