NTS off the ground - time for testing
Eric S. Raymond
esr at thyrsus.com
Wed Feb 20 05:51:59 UTC 2019
Hal Murray via devel <devel at ntpsec.org>:
>
> The server side needs a cookie and private key.
>
> The K and I used to encrypt cookies is a hack constant so old cookies work
> over server reboots.
>
> The client side defaults to using the system root certificates. You can
> provide your own.
>
> With the NTS flag, the client side tries NTS-KE, and drops into normal mode if
> that doesn't work. If it does work, it sends NTS packets until it runs out of
> cookies. Then it drops into normal mode.
>
> The code to ask for extra cookies doesn't exist yet. If it gets started, it will run in NTS mode until 8 packets get lost.
Excellent. What's the bext thing you need from me?
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel
mailing list