Are we interested in client certificates?

2019-02-09 Thread Hal Murray via devel
-- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel

Re: Update

2019-02-09 Thread Eric S. Raymond via devel
Hal Murray via devel : > It seems strange to use "crypto" for the keyword when we are talking about > NTS > or NTS-KE. I've changed the keyword to "nts". -- Eric S. Raymond <http://www.catb.org/~esr/> My work is funded by the Internet Civil Engineering Institute: https://icei.o

Re: Update

2019-02-09 Thread Hal Murray via devel
e...@thyrsus.com said: >> Are we ever going to want to use anything older than TLS1.2? Spec says no, >> but it might be interesting for testing. > I'm not interested in complicating our lives with a surfeit of obsolete APIs. Sounds good. It's probably worth updating our requirements section t

Re: Update

2019-02-09 Thread Eric S. Raymond via devel
Hal Murray via devel : > It seems strange to use "crypto" for the keyword when we are talking about > NTS > or NTS-KE. Yes, I was planning to change that. I originally thought there were going to be crypto options that might someday be used for something besides NTS and intended to have both

Update

2019-02-09 Thread Hal Murray via devel
I've got the start of the NTS-KE server working. All it does after the TLS setup is read some data and echo it back. Logging is verbose for debugging. I'm using NTSc: and NTSs: as the tag for client and server and NTS: for subroutines that might get called from either side. It reads certi

Re: no ssl.h on macos?

2019-02-09 Thread Jason Azze via devel
On Sat, Feb 9, 2019, at 8:28 AM, Hal Murray via devel wrote: > I thought we got farther than this last night. > > Does macos have OpenSSL? What version? > This ( https://stackoverflow.com/questions/43415106/openssl-conf-h-file-not-found-error-on-macos-sierra) stackoverflow answer suggests it

no ssl.h on macos?

2019-02-09 Thread Hal Murray via devel
I thought we got farther than this last night. Does macos have OpenSSL? What version? Stage: build Name: macos-basic Trace: ../../include/nts.h:7:10: fatal error: 'openssl/ssl.h' file not found #include <openssl/ssl.h> ^~~ 1 error generated. -- These are my opinions. I hate spam. __

for parts not merging as-is

2019-02-09 Thread James Browning via devel
On 2/9/19, Hal Murray via devel wrote: >>> IANA maintains one. That's what we use on the wire. It's started in >>> RFC 5116. RFC 5297 covers the case we want. The magic number is 15. > >> I don't want magic numbers in config files. > > Then please write some code that translates "AEAD_AES_SI

Re: [Git][NTPsec/ntpsec][master] 6 commits: nts.adoc: Capitalize a MUST

2019-02-09 Thread Hal Murray via devel
>> Daniel has code that does. >> https://github.com/dfoxfranke/libaes_siv >> It doesn't build on NetBSD and gets warnings on FreeBSD. > It gets warnings on Linux as well. What flavor of Linux? It's clean on Fedora 29. I thought I saw warnings on FreeBSD, but I just tried again and it looks

Re: [Git][NTPsec/ntpsec][master] 6 commits: nts.adoc: Capitalize a MUST

2019-02-09 Thread Hal Murray via devel
>> IANA maintains one. That's what we use on the wire. It's started in >> RFC 5116. RFC 5297 covers the case we want. The magic number is 15. > I don't want magic numbers in config files. Then please write some code that translates "AEAD_AES_SIV_CMAC_256" to 15. Since we don't have any imp