NTS off the ground - time for testing
Daniel Franke
dfoxfranke at gmail.com
Wed Feb 20 14:09:00 UTC 2019
On Wed, Feb 20, 2019 at 12:48 AM Hal Murray via devel <devel at ntpsec.org> wrote:

> The K and I used to encrypt cookies is a hack constant so old cookies work
> over server reboots.

I assume this is temporary while you work on this code, right?
Obviously if K is a hardcoded constant you have no security.

> With the NTS flag, the client side tries NTS-KE, and drops into normal mode if
> that doesn't work. If it does work, it sends NTS packets until it runs out of
> cookies. Then it drops into normal mode.

Don't do that. Not even temporarily, not even as an option, not even
"opportunistically". If an adversary can force a client out of NTS
mode by dropping a few NTS packets, then NTS has no value.
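The downgrade Daniel objects to can be made concrete with a small simulation. The model below is an added illustration, not ntpsec code: it assumes that one NTS-KE run hands the client COOKIES_PER_KE cookies, that each NTS request spends one cookie and asks for enough placeholder cookies to refill to COOKIE_TARGET, and that an on-path adversary cannot forge authenticated responses but can drop them, so every dropped response costs the client a cookie it never gets back. Two client policies are compared: the quoted one (fall back to unauthenticated NTP when cookies run out) and the alternative (re-run NTS-KE and never emit an unauthenticated request).

```python
"""Toy model of the two NTS client behaviours discussed above.

Constructed illustration, not ntpsec code.  Assumed simplifications: an NTS-KE
run yields COOKIES_PER_KE cookies; each NTS request spends one cookie and asks
for placeholders to refill to COOKIE_TARGET; the adversary can drop NTS
responses but cannot forge them (and cannot spoof NTS-KE, which runs over TLS).
"""
import itertools

COOKIES_PER_KE = 8   # cookies handed out by one NTS-KE run (assumed)
COOKIE_TARGET = 8    # cookie supply the client tries to keep on hand (assumed)


class NtsClient:
    def __init__(self, fallback_to_plain):
        # True: the quoted behaviour (drop to plain NTP when out of cookies).
        # False: re-run NTS-KE instead and never send an unauthenticated request.
        self.fallback_to_plain = fallback_to_plain
        self.mode = "nts"
        self.cookies = []
        self.stats = {"ntske_runs": 0, "nts_requests": 0,
                      "plain_requests": 0, "authenticated_responses": 0}
        self.run_ntske()

    def run_ntske(self):
        # NTS-KE is a TLS exchange; the adversary here can block it, not spoof it.
        self.stats["ntske_runs"] += 1
        self.cookies = [("ke", self.stats["ntske_runs"], i)
                        for i in range(COOKIES_PER_KE)]

    def poll(self, responder):
        """One poll interval; responder(request) returns a response or None (dropped)."""
        if self.mode == "nts" and not self.cookies:
            if self.fallback_to_plain:
                self.mode = "plain"      # the downgrade: adversary wins here
            else:
                self.run_ntske()         # refill cookies, stay authenticated
        if self.mode == "plain":
            self.stats["plain_requests"] += 1
            responder({"nts": False})
            return
        cookie = self.cookies.pop(0)
        # ask for enough placeholder cookies to get back to COOKIE_TARGET
        placeholders = max(0, COOKIE_TARGET - len(self.cookies) - 1)
        self.stats["nts_requests"] += 1
        resp = responder({"nts": True, "cookie": cookie, "placeholders": placeholders})
        if resp is not None:
            self.stats["authenticated_responses"] += 1
            self.cookies.extend(resp["new_cookies"])


def make_server():
    counter = itertools.count()

    def server(req):
        if not req["nts"]:
            return {"authenticated": False, "new_cookies": []}
        # one fresh cookie for the one spent, plus one per placeholder
        n = 1 + req["placeholders"]
        return {"authenticated": True,
                "new_cookies": [("srv", next(counter)) for _ in range(n)]}
    return server


def with_dropper(server, drop_nts_response):
    """On-path adversary: forwards everything, drops the NTS responses it chooses."""
    def responder(req):
        resp = server(req)
        if req["nts"] and drop_nts_response(req):
            return None
        return resp
    return responder


def simulate(fallback_to_plain, polls, drop_nts_response):
    """Run `polls` poll intervals and return the client's counters."""
    client = NtsClient(fallback_to_plain)
    responder = with_dropper(make_server(), drop_nts_response)
    for _ in range(polls):
        client.poll(responder)
    return client.stats


if __name__ == "__main__":
    drop_all = lambda req: True
    print("fallback client, all NTS responses dropped:", simulate(True, 20, drop_all))
    print("fail-closed client, all NTS responses dropped:", simulate(False, 20, drop_all))
    print("fail-closed client, no adversary:", simulate(False, 20, lambda req: False))
```

With every NTS response dropped, the fallback client spends its eight cookies and then sends unauthenticated requests for the rest of the run, which is exactly the outcome the adversary wanted and cost nothing but dropping eight packets. The fail-closed client keeps re-running NTS-KE and sends nothing unauthenticated; it gets no usable time while the attack lasts, but it never silently loses the property NTS exists to provide. The third run shows normal operation, where the placeholder mechanism keeps the cookie supply topped up so NTS-KE runs only once.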