NTS off the ground - time for testing
Hal Murray
hmurray at megapathdsl.net
Wed Feb 20 05:48:10 UTC 2019
The server side needs a cookie and private key.
The K and I used to encrypt cookies are hack constants so old cookies work
over server reboots.
The client side defaults to using the system root certificates. You can
provide your own.
With the NTS flag, the client side tries NTS-KE, and drops into normal mode if
that doesn't work. If it does work, it sends NTS packets until it runs out of
cookies. Then it drops into normal mode.
The code to ask for extra cookies doesn't exist yet. If it gets started, it will run in NTS mode until 8 packets get lost.
--
These are my opinions. I hate spam.
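The client behaviour described in the message above, modelled as an added example; this is not code from the original post or from the NTPsec tree. The pool size of 8 and the rule that each answered request returns one replacement cookie are assumptions taken from the NTS design, and all class and function names are hypothetical. It records every drop to unauthenticated mode so the downgrade can be surfaced in logs.

```python
from collections import deque
from dataclasses import dataclass, field

INITIAL_COOKIES = 8  # assumption: NTS-KE hands the client 8 cookies


@dataclass
class NtsClientModel:
    """Toy model: NTS while cookies last, otherwise plain NTP."""
    mode: str = "normal"
    cookies: deque = field(default_factory=deque)
    events: list = field(default_factory=list)   # downgrade reasons, for logging
    serial: int = 0

    def _fresh(self):
        self.serial += 1
        return f"cookie-{self.serial}"           # constructed placeholder value

    def _downgrade(self, reason):
        self.mode = "normal"
        self.events.append(reason)

    def start(self, nts_ke_ok):
        if nts_ke_ok:
            self.cookies.extend(self._fresh() for _ in range(INITIAL_COOKIES))
            self.mode = "nts"
        else:
            self._downgrade("NTS-KE failed")

    def poll(self, response_arrived):
        """Send one request; return the mode it was sent in."""
        if self.mode == "nts" and not self.cookies:
            self._downgrade("cookie pool empty")
        sent_in = self.mode
        if sent_in == "nts":
            self.cookies.popleft()                   # each request spends a cookie
            if response_arrived:
                self.cookies.append(self._fresh())   # reply brings a replacement
        return sent_in


def polls_until_downgrade(loss_pattern):
    """Index of the first poll sent unauthenticated (None if never), plus events."""
    c = NtsClientModel()
    c.start(nts_ke_ok=True)
    for i, arrived in enumerate(loss_pattern):
        if c.poll(arrived) == "normal":
            return i, c.events
    return None, c.events
```

With no code to request extra cookies, only lost replies shrink the pool, so the eighth loss is what empties it.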