Yo Ian!

On Sun, 6 Jan 2019 14:23:14 -0600
Ian Bruene via devel <devel@ntpsec.org> wrote:

> Charlie to Delta is the big acknowledged unknown.

Seems to me that Section 6 of the proposed RFC defines this pretty well. Once you can figure out who Charlie (NTPD) and Delta (NTS-KE) are.

> I think the word
> you might be looking for is "transaction".

Hardly qualifies as a transaction as there is no reciprocity (See the dictionary). In the dark past, either the NTPD told the NTS-KE what keys to use, or vice versa. Not even a need for an ACK.

> "It's whatever is needed to verify the cookie from Alpha."

Yes, the blob as defined in Section 6.

> Whatever needs to be communicated on that channel it can't be
> verifying cookies and also be "only an occasional ???". Verifying
> cookies means every single ntp packet that comes in to Charlie has to
> be checked with Delta.

Nope. Reread the Proposed RFC. NTS-KE and NTP agree beforehand on some long lived keys to use. They actually don't need to 'agree'. Either the NTS-KE tells the NTP, or vice versa. Maybe no need for any negotiation. Then use them for hours, days, weeks or months.

Section 6 proposes a simple means to keep generating new short term keys from old keys, so no need for further communication between the NTS-KE and NTPD. Just once is enough.

Not to say that it can't, or shouldn't, get a bit more complicated, but it is not required.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
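The point made in the message above, that two processes sharing one long-lived key can keep deriving identical short-term keys without talking again, shown as an added example (not code from this thread or from NTPsec). It assumes an HKDF-SHA256 ratchet that uses the predecessor key as input keying material and its key id as salt; the class and function names, the seed, the info label and the retention count are all constructed for illustration.

```python
import hashlib
import hmac

KEY_LEN = 32                      # assumed cookie-key size in bytes
INFO = b"cookie-key-ratchet"      # constructed label, not from any spec
SEED = bytes(range(32))           # constructed seed, shared once out of band

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869): extract with the salt, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def next_key(key_id, key):
    """One ratchet step: the old key is the IKM, its id is the salt."""
    salt = key_id.to_bytes(4, "big")
    return key_id + 1, hkdf_sha256(key, salt, INFO, KEY_LEN)

class KeyRing:
    """Current key plus a bounded window of older keys still accepted."""
    def __init__(self, key_id, key, keep=2):
        self.keys = {key_id: key}
        self.current = key_id
        self.keep = keep          # number of key generations retained

    def rotate(self):
        new_id, new_key = next_key(self.current, self.keys[self.current])
        self.keys[new_id] = new_key
        self.current = new_id
        # Expire keys that fell out of the window so old cookies stop verifying.
        for old in [k for k in self.keys if k <= new_id - self.keep]:
            del self.keys[old]
        return new_id

    def lookup(self, key_id):
        """Key for a cookie's key id, or None if that key has been erased."""
        return self.keys.get(key_id)

def demo(rotations=3):
    """Both sides start from SEED and rotate on their own schedule."""
    nts_ke, ntpd = KeyRing(0, SEED), KeyRing(0, SEED)
    for _ in range(rotations):
        nts_ke.rotate()
        ntpd.rotate()
    return nts_ke, ntpd

if __name__ == "__main__":
    ke, server = demo()
    print("in sync:", ke.lookup(ke.current) == server.lookup(server.current))
```

The ratchet is one-way, so an erased key cannot be recomputed from a later one; whichever side holds the seed must protect it like any other long-lived secret.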