ntp.conf changes for NTS
Hal Murray
hmurray at megapathdsl.net
Sat Feb 2 10:33:56 UTC 2019
> Sorry, this is plain nonsense. You will not create enough messages for this
> to ever be a problem even on a terabit link. And the RFC already asks you to
> do a key rollover on a ~day timescale, so you have even less chance to
> produce so many messages.
Different keys. The rollover covers K, the server key used to encrypt part of
the contents of cookies.
The per-client-server pair of keys, C2S and S2C, don't roll over as long as the
connection works reasonably well. I asked about key lifetime on the NTP list
and Daniel said we don't have to worry about it.
https://mailarchive.ietf.org/arch/msg/ntp/lV74s2I97P8ncJdjsIKvlcAgEG0
> The recommendation for AES-SIV is to encrypt no more than 2**48
> messages under the same key. At one message per second that's almost 9
> million years. If you (unwisely) use AES-GCM instead, where the
> recommended limit is 2**32 messages, that's still 136 years.
--
These are my opinions. I hate spam.
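An added example, not code from this post, from ntpsec or from any NTS implementation, that models the distinction Hal draws above (K rolls over; C2S/S2C live on inside the cookie) and the per-key message budget Daniel quotes. Everything in it is a hypothetical stand-in: the cookie layout, the MasterKeyRing retention window, the nts_ke() and simulate() helpers, and the SHAKE-256 keystream plus HMAC-SHA256 seal used so it runs on the standard library. A real NTS server encrypts its cookies with AES-SIV under K and the cookie format is the server's own choice (RFC 8915 only suggests one).

```python
"""Added toy model of the two NTS key classes (hypothetical; not ntpsec code nor
any real server's cookie format). K rolls over with a few old K retained; C2S/S2C
ride inside the cookie and survive K rollover. Cookies are sealed with a SHAKE-256
keystream plus HMAC-SHA256 tag (stdlib only) in place of a real AES-SIV AEAD."""
import hashlib
import hmac
import secrets
from collections import OrderedDict
from dataclasses import dataclass
from typing import Optional, Tuple

SECONDS_PER_YEAR = 365.25 * 24 * 3600
LIMIT_AES_SIV = 2 ** 48   # recommended max messages per key, as quoted in the post
LIMIT_AES_GCM = 2 ** 32
KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32


def key_lifetime_years(message_limit: int, messages_per_second: float) -> float:
    """Years of use before `message_limit` messages go out under one key."""
    return message_limit / messages_per_second / SECONDS_PER_YEAR


@dataclass
class Association:
    """One client/server pair; C2S and S2C never roll over on their own."""
    c2s: bytes
    s2c: bytes
    sent_under_c2s: int = 0


def nts_ke() -> Association:
    """Stand-in for an NTS-KE run: fresh C2S/S2C for a new association."""
    return Association(secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN))


def _xor_stream(k: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: SHAKE-256(K || nonce) as keystream. Illustration only.
    stream = hashlib.shake_256(k + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class MasterKeyRing:
    """Server-side K with daily rotation and a bounded retention window."""

    def __init__(self, retain: int = 2):
        self.retain, self.next_id = retain, 0
        self.keys = OrderedDict()          # key-id -> K, oldest first
        self.rotate()

    def rotate(self) -> int:
        """Install a fresh K; forget the oldest once more than `retain` exist."""
        self.keys[self.next_id] = secrets.token_bytes(KEY_LEN)
        self.next_id += 1
        while len(self.keys) > self.retain:
            self.keys.popitem(last=False)
        return self.next_id - 1

    def seal_cookie(self, assoc: Association) -> bytes:
        """cookie = key-id || nonce || Enc_K(C2S || S2C) || tag, under the newest K."""
        kid = next(reversed(self.keys))
        k, nonce = self.keys[kid], secrets.token_bytes(NONCE_LEN)
        header = kid.to_bytes(4, "big") + nonce
        ct = _xor_stream(k, nonce, assoc.c2s + assoc.s2c)
        return header + ct + hmac.new(k, header + ct, hashlib.sha256).digest()

    def open_cookie(self, cookie: bytes) -> Optional[Tuple[bytes, bytes]]:
        """Recover (C2S, S2C); None if that K was retired or the tag fails."""
        k = self.keys.get(int.from_bytes(cookie[:4], "big"))
        if k is None:
            return None                       # K rolled out of the window
        hdr = 4 + NONCE_LEN
        header, ct, tag = cookie[:hdr], cookie[hdr:-TAG_LEN], cookie[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(k, header + ct, hashlib.sha256).digest(), tag):
            return None
        plain = _xor_stream(k, header[4:], ct)
        return plain[:KEY_LEN], plain[KEY_LEN:]


def simulate(active_days: int, polls_per_day: int, idle_days: int, retain: int = 2) -> dict:
    """K rotates once a day and every response carries a fresh cookie. After
    `active_days` of polling the client goes quiet for `idle_days`, then
    presents its last cookie once more."""
    ring, assoc = MasterKeyRing(retain), nts_ke()
    cookie, first_c2s, rekeys = ring.seal_cookie(assoc), assoc.c2s, 0
    for day in range(active_days):
        if day:
            ring.rotate()
        for _ in range(polls_per_day):
            assoc.sent_under_c2s += 1
            if ring.open_cookie(cookie) is None:  # unusable cookie: run NTS-KE again
                rekeys += 1
                assoc = nts_ke()
            cookie = ring.seal_cookie(assoc)
    for _ in range(idle_days):
        ring.rotate()
    return {
        "k_rollovers": ring.next_id - 1,
        "rekeys_while_active": rekeys,
        "c2s_unchanged": assoc.c2s == first_c2s,
        "c2s_budget_used": assoc.sent_under_c2s / LIMIT_AES_SIV,
        "cookie_valid_after_idle": ring.open_cookie(cookie) is not None,
    }
```

With the default two-key window, simulate(7, 100, 0) goes through six K rollovers with zero re-keys and the original C2S still in use, while the C2S message counter sits many orders of magnitude below 2**48; key_lifetime_years(LIMIT_AES_SIV, 1) comes out near 8.9 million and key_lifetime_years(LIMIT_AES_GCM, 1) near 136, matching the figures quoted above. Shrinking the window (retain=1) or letting the client idle past it is what forces a fresh NTS-KE run and new C2S/S2C, which is the only way those keys change in this model.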