ntp.conf changes for NTS

Gary E. Miller gem at rellim.com
Sun Feb 3 02:19:30 UTC 2019


Yo James!

On Sat, 2 Feb 2019 13:44:12 -0800
James Browning via devel <devel at ntpsec.org> wrote:

> >> What you almost need is a cookie extension to trigger a rekeying
> >> periodically.  
> >
> > Yes.  Sad the Proposed RFC is silent on the subject.  Seems a gaping
> > hole to me.
> >  
> >> You might want to look at the 2nd? Commit of mr 902 and
> >> then point and laugh.  
> >
> > > GitLab does not consecutively number commits.  Which one do you
> > mean?  
> 
> https://gitlab.com/NTPsec/ntpsec/merge_requests/902/diffs?commit_id=ac0ab3cb0fbbe8d9d2b3f7b43340ba0bc0d6bd30
> 
> "drop/revise" of "Nts pass3"


I assume you mean this:

    .. (optional) a timestamp when to stop honoring the current cookie series

Good.  More correct to say stop using the same C2S/S2C
	
    .. (optional) a timestamp when the current cookie series began (for expiration)

Similar, use one or the other.
	
    .. (optional) a number of cookies remaining before series expiration.

Useless.  The attacker just keeps presenting the same cookie.
	
    .. (optional) the number of cookies (estimated) since series began for expiration.

Useless.  The attacker just keeps presenting the same cookie.

This should be in the Proposed RFC.  Other implementations will get it
wrong.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
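
An added example, not part of the original message and not NTPsec code: it replays one captured cookie against a stateless server to show why a count stored in the cookie never expires while a series timestamp does. The cookie layout, the 24-hour MAX_SERIES_AGE, the function names and the use of HMAC in place of the AEAD a real NTS cookie uses are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SERVER_KEY = b"constructed-demo-key"  # constructed value, demo only
MAX_SERIES_AGE = 24 * 3600            # assumed policy: rekey after 24 h
TAG_LEN = 32
HDR = struct.Struct("!QI")            # series_start (s), cookies remaining


def make_cookie(series_start: int, remaining: int, keys: bytes) -> bytes:
    """Seal series metadata plus C2S/S2C key material into a cookie."""
    body = HDR.pack(series_start, remaining) + keys
    return body + hmac.new(SERVER_KEY, body, hashlib.sha256).digest()


def open_cookie(cookie: bytes):
    """Return (series_start, remaining, keys), or None if not authentic."""
    if len(cookie) < HDR.size + TAG_LEN:
        return None
    body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
    expect = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    series_start, remaining = HDR.unpack(body[:HDR.size])
    return series_start, remaining, body[HDR.size:]


def accept_by_count(cookie: bytes, now: int) -> bool:
    # The count lives inside the cookie. The server keeps no per-client
    # state, so a replayed cookie shows the same count on every request.
    opened = open_cookie(cookie)
    return opened is not None and opened[1] > 0


def accept_by_time(cookie: bytes, now: int) -> bool:
    # The server's clock advances even when the cookie bytes do not.
    opened = open_cookie(cookie)
    return opened is not None and 0 <= now - opened[0] < MAX_SERIES_AGE


def replay(check, cookie: bytes, start: int, step: int, n: int) -> list:
    """Present the same cookie n times, 'step' seconds apart."""
    return [check(cookie, start + i * step) for i in range(n)]


if __name__ == "__main__":
    c = make_cookie(1_000_000, 8, b"k" * 64)  # constructed sample cookie
    print("count:", sum(replay(accept_by_count, c, 1_000_000, 3600, 48)), "of 48")
    print("time: ", sum(replay(accept_by_time, c, 1_000_000, 3600, 48)), "of 48")
```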