ntp.conf changes for NTS
Achim Gratz
Stromeko at nexgo.de
Sat Feb 2 13:14:43 UTC 2019
Hal Murray via devel writes:
>> Sorry, this is plain nonsense. You will not create enough messages for this
>> to ever be a problem even on a terabit link. And the RFC already asks you to
>> do a key rollover on a ~day timescale, so you have even less chance to
>> produce so many messages.
>
> Different keys. The rollover covers K, the server key used to encrypt part of
> the contents of cookies.
Since that's the key the cookies get encrypted with, on the second
rollover they get dropped. So any old cookies will no longer be
accepted by the NTP server after the second rollover.
> The per client-server pair of keys, C2S and S2C don't roll over as long as the
> connection works reasonably well. I asked about key lifetime on the NTP list
> and Daniel said we don't have to worry about it.
> https://mailarchive.ietf.org/arch/msg/ntp/lV74s2I97P8ncJdjsIKvlcAgEG0
Yes, you'd need implausible to impossible lifetimes of the client/server
pairing for these to ever become a problem. But again, when key
rollover gets implemented as indicated in the RFC, those will stop being
useful on the second rollover.
>> The recommendation for AES-SIV is to encrypt no more than 2**48
>> messages under the same key. At one message per second that's almost 9
>> million years. If you (unwisely) use AES-GCM instead, where the
>> recommended limit is 2**32 messages, that's still 136 years.
Exactly.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
DIY Stuff:
http://Synth.Stromeko.net/DIY.html
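The key-ring behaviour discussed above, as an added example that is not part of the original post and not NTPsec's own code: a toy model of the server side of NTS cookie handling, in which cookies are sealed under the server key K, the server keeps only the current K and the one before it (the "dropped on the second rollover" policy the post describes; an assumption of this model), and a client that stays in contact keeps receiving its unchanged C2S/S2C pair re-wrapped under the newest K, which is why the per-pair keys themselves never need to roll over. The cipher is an HMAC-SHA256 counter-mode stand-in for AES-SIV so that it runs with the standard library only; the cookie layout (key id, nonce, ciphertext, tag) and the 32-byte key sizes are likewise assumptions, not the wire format of any implementation.

```python
import hashlib
import hmac
import os
import struct

KEY_LEN = 32    # assumption: 256-bit server keys and 256-bit C2S/S2C keys
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. A stand-in for AES-SIV, not a real AEAD."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = b"ks" + nonce + struct.pack(">I", counter)
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext followed by a 32-byte tag."""
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return ct + tag


def _open(key: bytes, nonce: bytes, sealed: bytes):
    """Verify the tag, then decrypt. Returns None on any failure."""
    if len(sealed) < TAG_LEN:
        return None
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class NtsCookieServer:
    """Server-side cookie handling with a two-key ring: current K and previous K.

    A cookie sealed under a key that is neither current nor previous is rejected,
    so a cookie stops being usable after the second rollover following its issue.
    """

    def __init__(self):
        self.keys = {}        # key id -> server key K
        self.current_id = 0
        self.rollover()

    def rollover(self):
        """Install a fresh K, keep the previous one, drop anything older."""
        new_id = self.current_id + 1
        self.keys[new_id] = os.urandom(KEY_LEN)
        self.current_id = new_id
        for kid in list(self.keys):
            if kid < new_id - 1:
                del self.keys[kid]

    def make_cookie(self, c2s: bytes, s2c: bytes) -> bytes:
        """Wrap the client's C2S/S2C pair under the current K."""
        nonce = os.urandom(NONCE_LEN)
        key_id = struct.pack(">I", self.current_id)
        return key_id + nonce + _seal(self.keys[self.current_id], nonce, c2s + s2c)

    def open_cookie(self, cookie: bytes):
        """Recover (C2S, S2C) from a cookie, or None if it is stale or forged."""
        if len(cookie) < 4 + NONCE_LEN + TAG_LEN:
            return None
        key_id = struct.unpack(">I", cookie[:4])[0]
        key = self.keys.get(key_id)
        if key is None:
            return None   # sealed under a K that has already been dropped
        nonce = cookie[4:4 + NONCE_LEN]
        plaintext = _open(key, nonce, cookie[4 + NONCE_LEN:])
        if plaintext is None or len(plaintext) != 2 * KEY_LEN:
            return None
        return plaintext[:KEY_LEN], plaintext[KEY_LEN:]


def cookie_lifetime_demo():
    """Returns (stale cookie valid after 1 rollover, after 2, refreshed cookie after 2)."""
    srv = NtsCookieServer()
    c2s, s2c = os.urandom(KEY_LEN), os.urandom(KEY_LEN)   # constructed client pair
    old_cookie = srv.make_cookie(c2s, s2c)

    srv.rollover()   # first rollover: the issuing K becomes "previous"
    stale_after_one = srv.open_cookie(old_cookie) == (c2s, s2c)
    # A client still in contact is handed the same C2S/S2C re-wrapped under the new K.
    fresh_cookie = srv.make_cookie(c2s, s2c)

    srv.rollover()   # second rollover: the issuing K is gone
    stale_after_two = srv.open_cookie(old_cookie) == (c2s, s2c)
    fresh_after_two = srv.open_cookie(fresh_cookie) == (c2s, s2c)
    return stale_after_one, stale_after_two, fresh_after_two


if __name__ == "__main__":
    print(cookie_lifetime_demo())   # (True, False, True)
```

The point the post makes falls out of the model: the C2S/S2C pair is fixed for the life of the association, so the AES-SIV message budget is spent at the rate the client actually talks to the server, while the cookie carrying that pair is re-sealed under each new K and only a client that has been silent across two rollovers has to go back to NTS-KE.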