On 1/17/19 2:00 PM, Eric S. Raymond wrote:
Ian Bruene via devel <devel@ntpsec.org>:
Charlie requests a master key (and possibly initial cookies) daily
from Delta.
Cookies wouldn't be part of that. For a start "once a day" would have the
cookies up to tens of thousands of packets out of date (assuming a packet
every second for a client that joined just after the last NTPD-NTS sync).
Then what's *your* explanation for "We could also send the initial
cookies over that channel so that only NTP-server knows the cookie
format."
I don't know.
If initial cookies need to be transferred it needs to happen right after
the key exchange.
However I don't know any reason to transfer initial cookies: NTPD and
NTS-KE already know the cookie format or they can't work together at
all. And all the relevant data from a cookie is accessed by decrypting
it with the master key.
--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A
Man Chooses, a Slave Obeys."/ -- Andrew Ryan
/"Utopia cannot precede the Utopian. It will exist the moment we are fit
to occupy it."/ -- Sophia Lamb
I work for the Internet Civil Engineering Institute <https://icei.org/>,
help us save the Internet from Entropy!
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
