ntp.conf changes for NTS
Achim Gratz
Stromeko at nexgo.de
Sun Feb 3 17:15:16 UTC 2019
Gary E. Miller via devel writes:
>> > > But if no packets are lost, C2S and S2C will be used forever.
>> >
>> > Yeah, bad.
>>
>> What you almost need is a cookie extension to trigger a rekeying
>> periodically.
>
> Yes. Sad the Proposed RFC is silent on the subject. Seems a gaping
> hole to me.
While it'd be nice if the issue was explicitly mentioned, it's quite
easy to implement a system where the S2C and C2S key are rolled over
together with the master key. In order to not produce a self-inflicted
DOS on the NTS-KE you'll keep the old master key as suggested RFC for
some time, but you don't roll over the encryption of new cookies to the
new key. Then over the course of the next hour(s) you start NAK'ing the
old cookies with a rate that doesn't overwhelm the NTS-KE and when that
rate falls to some low enough value you drop the old master key
entirely.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
DIY Stuff:
http://Synth.Stromeko.net/DIY.html
More information about the devel
mailing list