ntp.conf changes for NTS
Gary E. Miller
gem at rellim.com
Sat Feb 2 20:46:22 UTC 2019
Yo Hal!
On Sat, 02 Feb 2019 12:36:10 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> But there is another pair of keys: C2S and S2C. They are used to
> authenticate and encrypt traffic between client and server. There is
> no explicit mechanism to roll them over - nor is there a need for one.
Really? So unlimmited numbers of packets with identical C2S, S2S
and master key, differing only int ehnonce is not a problem?
Pretty much every crypto algorithm I know of has a recommended
maximum number of uses. Allowing these two to be used unlimited times
is violating absic crypto principles goint back to well before how
Enigma, and other ciphers, were broken.
> But if no packets are lost, C2S and S2C will be used forever.
Yeah, bad.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/3ca7248f/attachment.bin>
More information about the devel
mailing list