Release of NTP servers NTPsec 1.2.0 and Chrony 4.0 with support for the secure NTS protocol

The IETF (Internet Engineering Task Force), which develops Internet protocols and architecture, has completed the RFC for NTS (Network Time Security) and published the associated specification under the identifier RFC 8915. The RFC has received "Proposed Standard" status, after which work will begin on giving the RFC the status of a Draft Standard, which in practice means full stabilization of the protocol and consideration of all comments made.

Standardizing NTS is an important step toward improving the security of time synchronization services and protecting users from attacks that imitate the NTP server the client connects to. Manipulation by attackers to set an incorrect time can be used to compromise the security of other time-aware protocols, such as TLS. For example, changing the time can lead to misinterpretation of data about the validity of TLS certificates. Until now, NTP and symmetric encryption of communication channels did not make it possible to guarantee that the client is interacting with the intended server and not a spoofed NTP server, and key-based authentication has not become widespread because it is too difficult to configure.

NTS uses elements of public key infrastructure (PKI) and allows the use of TLS and AEAD (Authenticated Encryption with Associated Data) encryption to cryptographically protect client-server interaction over NTP (Network Time Protocol). NTS includes two separate protocols: NTS-KE (NTS Key Establishment, which handles initial authentication and key negotiation over TLS) and NTS-EF (NTS Extension Fields, responsible for encrypting and authenticating the time synchronization session). NTS adds several extension fields to NTP packets and stores all state information only on the client side, using a cookie mechanism. Network port 4460 is allocated for handling connections over the NTS protocol.
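An added example, not from the original article and not code from NTPsec or Chrony: a Python check of the NTS-KE server response described above, following the record layout in RFC 8915. The function names and the sample message are constructed for illustration, and the TLS connection on port 4460 is assumed to be already established.

```python
import struct

# NTS-KE record types (RFC 8915, section 4)
END, NEXT_PROTO, ERROR, WARNING, AEAD_ALGO, NEW_COOKIE, NTP_SERVER, NTP_PORT = range(8)
NTPV4 = 0                    # Next Protocol ID for NTPv4
AEAD_AES_SIV_CMAC_256 = 15   # IANA AEAD algorithm number

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def u16(body):  # one 16-bit value, or None when the body has another size
    return struct.unpack("!H", body)[0] if len(body) == 2 else None

def parse_records(data):
    """Split an NTS-KE message into (critical, type, body) tuples."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        out.append((bool(head & 0x8000), head & 0x7FFF, body))
        off += 4 + length
    return out

def check_response(data, offered_aead=(AEAD_AES_SIV_CMAC_256,)):
    """Validate a server's NTS-KE response; return (aead_id, cookies)."""
    recs = parse_records(data)
    if not recs or recs[-1][1] != END:
        raise ValueError("missing End of Message record")
    chosen, cookies = {}, []
    for critical, rtype, body in recs[:-1]:
        if rtype in (ERROR, WARNING):        # abort on any server complaint
            raise ValueError("server sent error/warning code %s" % u16(body))
        elif rtype in (NEXT_PROTO, AEAD_ALGO):
            chosen[rtype] = u16(body)
        elif rtype == NEW_COOKIE:
            cookies.append(body)             # opaque to the client, stored as-is
        elif rtype not in (NTP_SERVER, NTP_PORT) and critical:
            raise ValueError("unrecognized critical record type %d" % rtype)
    if chosen.get(NEXT_PROTO) != NTPV4 or chosen.get(AEAD_ALGO) not in offered_aead or not cookies:
        raise ValueError("negotiation failed: no usable protocol, AEAD or cookie")
    return chosen[AEAD_ALGO], cookies

# Constructed server response; the cookie bytes are placeholders
SAMPLE = (record(NEXT_PROTO, b"\x00\x00", True) + record(AEAD_ALGO, b"\x00\x0f", True)
          + record(NEW_COOKIE, b"\xaa" * 16) + record(NEW_COOKIE, b"\xbb" * 16) + record(END, b"", True))
```

A client that accepts a response without these checks can end up with no cookies or an AEAD algorithm it never offered, so the rejection paths matter as much as the successful one.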


The first implementations of the standardized NTS are offered in the recently published releases NTPsec 1.2.0 and Chrony 4.0. Chrony provides an independent NTP client and server implementation that is used to synchronize time in various Linux distributions, including Fedora, Ubuntu, SUSE/openSUSE, and RHEL/CentOS. NTPsec is developed under the leadership of Eric S. Raymond and is a fork of the reference implementation of the NTPv4 protocol (NTP Classic 4.3.34), focused on reworking the code base to improve security (cleaning out obsolete code, using attack-prevention techniques and protected functions for working with memory and strings).

Source: opennet.ru
