Implementing NTS options
Eric S. Raymond
esr at thyrsus.com
Sat Feb 2 09:18:26 UTC 2019
Achim Gratz via devel <devel at ntpsec.org>:
> The RFC says the client needs to tell the NTS-KE all supported ciphers.
> It doesn't say it must support different ciphers for different servers.
Yeah, that second part *really* didn't make any sense to me.
So tell me: can we conform by *discovering* the cipher set at startup time
and shipping that list to NTS-KE? Because if the RFCs don't for some
insane reason *forbid* that behavior, it's clearly the right thing.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel
mailing list