ntp.conf changes for NTS

Hal Murray hmurray at megapathdsl.net
Sat Feb 2 13:27:08 UTC 2019


> Yes, you'd need implausible to impossible lifetimes of the client/server
> pairing for these to ever become a problem.  But again, when key rollover
> gets implemented as indicated in the RFC, those will stop being useful on the
> second rollover.

What stops being useful when K rolls over is old cookies.

C2S and S2C are used to authenticate the packets and also to encrypt new 
replacement cookies from server to client.  There is no rollover mechanism 
for C2S or S2C.  They get refreshed if you go through NTS-KE again, but that 
doesn't happen during normal operations.  You need to do something like drop 8 
packets in a row.

-- 
These are my opinions.  I hate spam.
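
An added sketch, not part of the original message and not NTPsec code, of the distinction drawn above: rotating the server's cookie key K invalidates old cookies, while C2S and S2C are only ever created in NTS-KE and are carried unchanged into each replacement cookie. Assumptions: the Server class and all function names are hypothetical, the server keeps only the current and previous K, cookies are sealed with a toy HMAC-based construction standing in for a real AEAD, and the step where the replacement cookie is encrypted to the client under S2C is left out.

```python
import hashlib, hmac, os

# Toy encrypt-then-MAC from HMAC-SHA256: stdlib stand-in for a real AEAD.
def _stream(key, nonce, n):
    return b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, pt):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    ok = hmac.compare_digest(tag, want)
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))) if ok else None

class Server:  # hypothetical model, not NTPsec code
    def __init__(self):
        self.keys, self.kid = {}, 0          # key id -> cookie key K
        self.rollover()
    def rollover(self):
        # Assumed policy: keep the current and previous K, erase anything older.
        self.kid += 1
        self.keys[self.kid] = os.urandom(32)
        self.keys.pop(self.kid - 2, None)
    def make_cookie(self, c2s, s2c):
        return self.kid.to_bytes(4, "big") + seal(self.keys[self.kid], c2s + s2c)
    def nts_ke(self):                        # the only place C2S/S2C are generated
        c2s, s2c = os.urandom(32), os.urandom(32)
        return c2s, s2c, self.make_cookie(c2s, s2c)
    def open_cookie(self, cookie):
        k = self.keys.get(int.from_bytes(cookie[:4], "big"))
        pt = unseal(k, cookie[4:]) if k else None
        return (pt[:32], pt[32:]) if pt else None
    def ntp_request(self, cookie):
        # Replacement cookie: same C2S/S2C sealed under the current K. None = NAK.
        keys = self.open_cookie(cookie)
        return self.make_cookie(*keys) if keys else None

def demo():
    srv = Server()
    c2s, s2c, old = srv.nts_ke()
    srv.rollover()
    fresh = srv.ntp_request(old)              # previous K still held
    unchanged = srv.open_cookie(fresh) == (c2s, s2c)
    srv.rollover()                            # second rollover: old cookie's K erased
    return unchanged, srv.ntp_request(old) is None, srv.ntp_request(fresh) is not None
```

demo() returns three booleans: the session keys survived a cookie refresh, the original cookie is rejected after the second rollover, and the refreshed cookie is still accepted.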




