Release of NTP servers NTPsec 1.2.0 and Chrony 4.0 with support for the secure NTS protocol

The IETF (Internet Engineering Task Force), which develops Internet protocols and architecture, has completed the RFC for the NTS (Network Time Security) protocol and published the corresponding specification under the identifier RFC 8915. The RFC has received "Proposed Standard" status, after which work will begin on giving it Draft Standard status, which in practice means full stabilization of the protocol with all submitted comments taken into account.

Standardizing NTS is an important step toward improving the security of time synchronization services and protecting users from attacks that impersonate the NTP server a client connects to. An attacker who manipulates a client into setting the wrong time can use this to compromise the security of other time-aware protocols, such as TLS. For example, changing the time can cause data about the validity of TLS certificates to be misinterpreted. Until now, NTP and symmetric encryption of communication channels could not guarantee that a client was talking to the intended NTP server rather than a spoofed one, and key-based authentication has not become widespread because it is too complicated to configure.

NTS uses elements of public key infrastructure (PKI) and allows TLS and AEAD (Authenticated Encryption with Associated Data) to be used to cryptographically protect client-server interaction over NTP (Network Time Protocol). NTS comprises two separate protocols: NTS-KE (NTS Key Establishment, which handles initial authentication and key negotiation over TLS) and NTS-EF (NTS Extension Fields, responsible for encrypting and authenticating the time synchronization session). NTS adds several extension fields to NTP packets and keeps all state information on the client side only, using a cookie mechanism. Network port 4460 is allocated for handling connections over the NTS protocol.
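As an added illustration (not from the original article and not code from NTPsec or Chrony), the sketch below parses and validates an NTS-KE server response using the record layout from RFC 8915, section 4. It assumes the client offered only NTPv4; `record`, `u16_list`, `parse_response` and `SAMPLE` are hypothetical names, and the cookie bytes are constructed placeholders.

```python
import struct

# Record types and IDs as defined in RFC 8915, section 4 (NTS-KE).
END_OF_MESSAGE, NEXT_PROTOCOL, ERROR, WARNING, AEAD_ALGORITHM, NEW_COOKIE = range(6)
NTPV4 = 0                    # Next Protocol ID for NTPv4
AEAD_AES_SIV_CMAC_256 = 15   # AEAD algorithm every implementation must support

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def u16_list(body):
    """Decode a record body that is a sequence of 16-bit integers."""
    if len(body) % 2:
        raise ValueError("odd-length list body")
    return list(struct.unpack(f"!{len(body) // 2}H", body))

def parse_response(data):
    """Validate a server response; return (aead_id, cookies) or raise ValueError."""
    offset, ended, protocols, aeads, cookies = 0, False, [], [], []
    while offset < len(data):
        if ended or len(data) - offset < 4:
            raise ValueError("data after End of Message or truncated header")
        head, length = struct.unpack_from("!HH", data, offset)
        critical, rtype = bool(head & 0x8000), head & 0x7FFF
        body = data[offset + 4:offset + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        offset += 4 + length
        if rtype == END_OF_MESSAGE:
            ended = True
        elif rtype == NEXT_PROTOCOL:
            protocols = u16_list(body)
        elif rtype == AEAD_ALGORITHM:
            aeads = u16_list(body)
        elif rtype == NEW_COOKIE:
            cookies.append(body)
        elif rtype in (ERROR, WARNING):
            raise ValueError(f"server sent error/warning record (type {rtype})")
        elif critical:  # unknown non-critical records are skipped
            raise ValueError(f"unknown critical record type {rtype}")
    if not ended or protocols != [NTPV4] or len(aeads) != 1 or not cookies:
        raise ValueError("incomplete or failed negotiation")
    return aeads[0], cookies

# Constructed sample response; cookie contents are placeholders.
SAMPLE = (record(NEXT_PROTOCOL, struct.pack("!H", NTPV4), critical=True)
          + record(AEAD_ALGORITHM, struct.pack("!H", AEAD_AES_SIV_CMAC_256))
          + record(NEW_COOKIE, b"\x01" * 100) + record(NEW_COOKIE, b"\x02" * 100)
          + record(END_OF_MESSAGE, critical=True))
```

A client that rejects truncated, unterminated or unknown-critical records here never reaches the NTP phase with half-negotiated keys or cookies.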


The first implementations of the standardized NTS are offered in the recently published releases NTPsec 1.2.0 and Chrony 4.0. Chrony provides an independent NTP client and server implementation that is used for time synchronization in all kinds of Linux distributions, including Fedora, Ubuntu, SUSE/openSUSE, and RHEL/CentOS. NTPsec is developed under the leadership of Eric S. Raymond and is a fork of the reference implementation of the NTPv4 protocol (NTP Classic 4.3.34), focused on reworking the code base to improve security (cleaning out obsolete code, using attack-prevention methods and protected functions for working with memory and strings).

Source: opennet.ru
