Implementing NTS options

Gary E. Miller gem at rellim.com
Sat Feb 2 05:36:46 UTC 2019


Yo Eric!

On Sat,  2 Feb 2019 00:30:07 -0500 (EST)
"Eric S. Raymond via devel" <devel at ntpsec.org> wrote:

> >*tls1.2* Allow TLS1.2 connection.
> >
> >*tls1.3* Allow TLS1.3 connection.  
> 
> They'd be easy, but I have two issues with these. First, I want
> embedded punctuation out of the names - I don't want that
> defect-attractor/complexity-escalator in the scanner.  I don't care
> what they're named otherwise.

This is why you should not implement while the syntax is worked out.
Richard had many good ideas.  None of this is settled.

> Second, why would you ever want one of these allow bits off?

Please read my long email to Richard so I do not have to repeat myself.

> If nobody has a convincing story, they stay out until we get an RFE
> from a real user.  KISS principle.

Already sent to the list previously.

> >*tls1.3ciphers [list]*  List of TLS 1.3 ciphers to negotiate, in
> >preferred order.  TLS 1.2 and 1.3 ciphers are different and must be
> >specified separately as OpenSSL needs them separately.
> 
> Again. The barrier to entry for these is higher because they
> would need a non-trivial grammar modification. Tell me a real use
> case; explain why we should pay the complexity cost before we get
> an RFE from a real user.

Real use case?  Because they are required by multiple RFCs.  We
are supposed to be implementing the RFCs.  Right?

> >*ntpciphers [list]* List of ciphers to negotiate, in preferred order
> >for the NTPD connection.  The server must support
> >AEAD_AES_SIV_CMAC_256.  
> 
> And again.  OK name this time, but still looks like gingerbread and
> chrome to me.

As required in the Proposed RFC.  As documented in nts.adoc for at least
a week.  Please read ALL the doc, and online discussion, before saying
things are not completely laid out.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
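
Added example, not part of the original message and not NTPsec code: a Python sketch of why the proposed allow bits and the separate TLS 1.2 / TLS 1.3 cipher lists discussed above map onto distinct OpenSSL settings. The helper names `build_context` and `split_suites` and the sample cipher string are assumptions made for illustration.

```python
import ssl


def build_context(allow_tls12=True, allow_tls13=True, tls12_ciphers=None):
    """Hypothetical helper: turn the two allow bits and a TLS 1.2 cipher
    string into an SSLContext for a TLS client connection."""
    if not (allow_tls12 or allow_tls13):
        raise ValueError("at least one TLS version must be allowed")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The allow bits become a version window; anything below TLS 1.2 is out.
    ctx.minimum_version = (
        ssl.TLSVersion.TLSv1_2 if allow_tls12 else ssl.TLSVersion.TLSv1_3
    )
    ctx.maximum_version = (
        ssl.TLSVersion.TLSv1_3 if allow_tls13 else ssl.TLSVersion.TLSv1_2
    )
    if tls12_ciphers:
        # set_ciphers() governs TLS 1.2 and below only. OpenSSL keeps the
        # TLS 1.3 suites in a separate list (SSL_CTX_set_ciphersuites in the
        # C API), which is why one option cannot cover both.
        ctx.set_ciphers(tls12_ciphers)
    return ctx


def split_suites(ctx):
    """Return (pre-1.3 suite names, TLS 1.3 suite names) enabled on ctx."""
    older, tls13 = [], []
    for cipher in ctx.get_ciphers():
        target = tls13 if cipher["protocol"] == "TLSv1.3" else older
        target.append(cipher["name"])
    return older, tls13


if __name__ == "__main__":
    # Constructed sample: restrict TLS 1.2 to ECDHE with AES-GCM.
    default_older, default_tls13 = split_suites(build_context())
    older, tls13 = split_suites(build_context(tls12_ciphers="ECDHE+AESGCM"))
    print("TLS 1.2 suites before/after:", len(default_older), len(older))
    print("TLS 1.3 suites unchanged:", tls13 == default_tls13)
```
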