Yo Eric!

On Thu, 17 Jan 2019 15:00:20 -0500
"Eric S. Raymond via devel" <devel@ntpsec.org> wrote:

> Ian Bruene via devel <devel@ntpsec.org>:
> > > Charlie requests a master key (and possibly initial cookies) daily
> > > from Delta.  
> > 
> > Cookies wouldn't be part of that. For a start "once a day" would
> > have the cookies up to tens of thousands of packets out of date
> > (assuming a packet every second for a client that joined just after
> > the last NTPD-NTS sync).  
> 
> Then what's *your* explanation for "We could also send the initial
> cookies over that channel so that only NTP-server knows the cookie
> format."

No way to recover the cookie format from a cookie...

But, that does bring up more questions.  The Proposed RFC does not
specify a cookie format.  I suspect this is intentional so that the
cookie can mutate over time.

Things like encryption algorithm and hash algorithm will change over
time.  Also key sizes.

So, how does the NTS-KE and NTPD server know what cookie format(s) are
in use?  How does the NTS-KE server know which cookie formats to issue
for which NTPD servers?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
