Iqembu Elisebenzayo le- ubunjiniyela be-inthanethi (IETF), Obhekele ukuthuthukiswa kwezivumelwano ze-Intanethi nezakhiwo, kuqedile ukwakheka kwe-RFC yenqubo olandelwayo ye-Network Time Security (NTS) futhi ushicilele imininingwane ehlobene nesikhombi se-RFC 8915.
I-RFC ithole isimo se- «Proposal Standard», ngemuva kwalokho umsebenzi uzoqala ukunikeza i-RFC isimo se-Draft Standard, empeleni okusho ukuqiniswa okuphelele kweprotocol futhi kubhekwe nakho konke ukuphawula okwenziwe.
Ukumiswa kwe-NTS kuyisinyathelo esibalulekile sokwenza ngcono ukuphepha kwezinsizakalo zokuvumelanisa isikhathi futhi uvikele abasebenzisi ekuhlaselweni okulingisa iseva ye-NTP iklayenti elixhumeka kuyo.
Ukuphatha abahlaseli ukusetha isikhathi esingalungile kungasetshenziswa ukubeka engozini ukuphepha kwamanye ama-protocols azwela isikhathi, njenge-TLS. Isibonelo, ukushintsha isikhathi kungaholela ekuchazelweni kabi kwedatha yokuqinisekisa yezitifiketi ze-TLS.
Kuze kube manje, i- I-NTP nokubethela okuhambisanayo kweziteshi zokuxhumana akuqinisekisi ukuthi iklayenti lisebenzisana nenhloso hhayi ngeseva ye-NTP e-spoofed, futhi ukufakazela ubuqiniso bokhiye akuhambanga kakhulu njengoba kunzima kakhulu ukumisa.
Ezinyangeni ezimbalwa ezedlule, sibonile abasebenzisi abaningi benkonzo yethu yesikhathi, kepha bambalwa kakhulu abasebenzisa i-Network Time Security. Lokhu kushiya amakhompyutha esengozini yokuhlaselwa alingisa iseva ayisebenzisayo ukuthola i-NTP. Ingxenye yenkinga kwaba ukungabikho kwamademoni e-NTP atholakalayo asekela i-NTS. Leyo nkinga manje isixazululiwe: i-chrony ne-ntpsec zombili zisekela i-NTS.
I-NTS isebenzisa izakhi zengqalasizinda zomphakathi ezibalulekile (PKI) futhi ivumela ukusetshenziswa kwe-TLS nokubethela okuqinisekisiwe ngeDatha ehambisanayo (AEAD) ukuvikela ukuxhumana ngokufihla imininingwane ngamakhasimende-kuseva nge-Network Time Protocol (NTP).
I-NTS kufaka phakathi izivumelwano ezimbili ezihlukene: I-NTS-KE (Ukusungulwa kokhiye we-NTS ukuphatha ubuqiniso bokuqala nezingxoxo ezibalulekile nge-TLS) kanye ne-NTS-EF (Izinkambu ze-NTS extension, ezibhekele ukubethela nokuqinisekisa isikhathi sokuvumelanisa).
I-NTS engeza izinkambu ezahlukahlukene ezinwetshiwe kumaphakethe we-NTP futhi igcina yonke imininingwane yezwe kuphela ohlangothini lweklayenti ngendlela yokudlulisa amakhukhi. I-Network port 4460 inikezelwe ekuphatheni ukuxhumana kwe-NTS.
Isikhathi yisisekelo sokuphepha kwemithetho eminingi, njenge-TLS, esithembele kuyo ukuvikela izimpilo zethu online. Ngaphandle kwesikhathi esiqondile, ayikho indlela yokunquma ukuthi iziqinisekiso ziphelelwe yisikhathi noma cha. Ukungabi bikho kwesikhathi esisebenziseka kalula esivikelekile kube yinkinga ekuphepheni kwe-Intanethi.
Ukuqaliswa kokuqala kwe-NTS eqinisekisiwe kuhlongozwe kuzinguqulo ezisanda kukhishwa ze-NTPsec 1.2.0 neChrony 4.0.
I-Chrony inikeza iklayenti le-NTP elihlukile nokusetshenziswa kweseva okusetshenziselwa ukuvumelanisa isikhathi esiqondile ekusatshalalisweni okuhlukahlukene kweLinux, kufaka phakathi iFedora, Ubuntu, SUSE / openSUSE, neRHEL / CentOS.
I-NTPsec ithuthukiswa ngaphansi kobuholi buka-Eric S. Raymond futhi imfoloko yokusetshenziswa kwesethenjwa kwephrothokholi ye-NTPv4 (i-NTP Classic 4.3.34), egxile ekwakheni kabusha isisekelo sekhodi ukwenza ngcono ukuphepha (ukuhlanzwa kwekhodi engasasebenzi, izindlela zokuvimbela ukungena nemisebenzi evikelwe) kusebenza ngememori namaketanga).
Ngaphandle kwe-NTS noma ukufakazela ubuqiniso bokhiye ohambisanayo, asikho isiqinisekiso sokuthi ikhompyutha yakho empeleni ikhuluma nge-NTP kwikhompyutha ocabanga ukuthi iyikho. Ukuqinisekiswa kokhiye we-Symmetric kunzima futhi kubuhlungu ukumisa, kepha kuze kube muva nje bekuwukuphela kwendlela ephephile neqinisiwe yokuqinisekisa iNTP. I-NTS isebenzisa umsebenzi ongena kwingqalasizinda yokhiye womphakathi wewebhu ukuqinisekisa amaseva we-NTP futhi uqiniseke ukuthi lapho ulungiselela ikhompyutha yakho ukukhuluma ne-time.cloudflare.com, lelo yiseva ikhompyutha yakho ethola isikhathi kuyo.
Uma ufuna ukwazi kabanzi ngayo, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.