On Thu, Jan 17, 2019, 5:54 PM Hal Murray via devel <devel@ntpsec.org> wrote:
>
> Ian Bruene said:
> > NTS-KE needs cookie generation because it has to render onto the client the
> > initial cookie stock.
>
> Right. But it doesn't actually have to generate them itself. It could also
> get them from the NTP-server.
>
> The idea is to take advantage of a connection to the NTP-server to offload
> as much complexity as possible. What does the NTP-KE-server do with the
> master key? Can we push all that to the NTP-server?
>

You would have to shove all of the complexity into an ntpd thread. OpenSSL *seems* to be annoyingly non-reentrant which would limit you to switching between ntp w/ nts and nts-ke. One particular daemon seems to work around that by generating lots of processes.

> I like Gary's suggestion of making most of the NTS-KE-client a library so
> we can package it stand alone or with NTP-client. I think the same applies
> to NTS-KE-server.
>

I tried something not completely unlike that in !842 but it was buggy, nonfunctional and leaky.