Implementing NTS options
Achim Gratz
Stromeko at nexgo.de
Sat Feb 2 09:08:17 UTC 2019
Gary E. Miller via devel writes:
>> >*tls1.3ciphers [list]* List of TLS 1.3 ciphers to negotiate, in
>> >preferred order. TLS 1.2 and 1.3 ciphers are different and must be
>> >specified separately as OpenSSL needs them separately.
>>
>> Again. The barrier to entry for these is higher because they
>> would need a non-trivial grammar modification. Tell me a real use
>> case; explain why we should pay the complexity cost before we get
>> an RFE from a real user.
>
> Real use case? Because they are required by multiple RFCs. We
> are supposed to be implementing the RFCs. Right?

Changing the OpenSSL ciphersuites is typically done at the system level;
application-level is not unheard of, but I haven't personally seen a
per-server configuration.

>> >*ntpciphers [list]* List of ciphers to negotiate, in preferred order
>> >for the NTPD connection. The server must support
>> >AEAD_AES_SIV_CMAC_256.
>>
>> And again. OK name this time, but still looks like gingerbread and
>> chrome to me.
>
> As required in the Proposed RFC.

The RFC says the client needs to tell the NTS-KE all supported ciphers.
It doesn't say it must support different ciphers for different servers.

Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs