Yo Hal! On Fri, 18 Jan 2019 19:07:58 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> Gary said:
> > Once again: there is no TLS session between NTPD client and NTPD
> > server. Once again: the NTPD server must generate new keys withour
> > TLS.
>
> No, it reuses the old S2C and C2S. (that it gets from decrypting the
> cookie)
Maybe, but where does the Proposed RFC say that?
Worse if you keep reusing the same C2S and S2C keys then the master
key becomes vulnberable to a "known plaintext" type of attack. The
"plaintext" is not known, but knowing it is unchanged, and used withj
multiple master keys is not gonna fly.
> > We use the algorithm of RFC 5705, but in a context with no TLS.
>
> That doesn't make sense. RFC 5705 assumes there is a TLS session.
And, yet, there is no TLS connection between the NTPD client and NTPD
server!
So, how do you resolve that contradiction? Knowing that you can not
reuse the C2S and S2C.
I simple replace "TLS master key" with "NTPD master key" and the
problems go away.
And how does the NTPD server know the ephemeral TLS master key that
you used betweeen the NTS-KE and NTPD client? The NTPD server needs
it to decrypt the cookie to get to the C2S and S2C.
Stop looking at the one tree, figure out how the forest works.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpl9kEXyUbKt.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
