Let's get moving on NTS
Gary E. Miller
gem at rellim.com
Sun Jan 6 20:55:28 UTC 2019
Yo Ian!
On Sun, 6 Jan 2019 14:23:14 -0600
Ian Bruene via devel <devel at ntpsec.org> wrote:
> Charlie to Delta is the big acknowledged unknown.
Seems to me that Section 6 of the proposed RFC defines this pretty well.
Once you can figure out who Charlie (NTPD) and Delta (NTS-KE) are.
> I think the word
> you might be looking for is "transaction".
Hardly qualifies as a transaction as there is no reciprocity (See the
dictionary). In the dark past, either the NTPD told the NTS-KE what
keys to use, or vice versa. Not even a need for an ACK.
> "It's whatever is needed to verify the cookie from Alpha."
Yes, the blob as defined in Section 6.
> Whatever needs to be communicated on that channel it can't be
> verifying cookies and also be "only an occasional ???". Verifying
> cookies means every single ntp packet that comes in to Charlie has to
> be checked with Delta.
Nope. Reread the Proposed RFC. NTS-KE and NTP agree beforehand on
some long lived keys to use. They actually don't need to 'agree'.
Either the NTS-KE tells the NTP, or vice versa. Maybe no need for any
negotiation. Then use them for hours, days, weeks or months.
Section 6 proposes a simple means to keep generating new short term
keys from old keys, so no need for further communication between the
NTS-KE and NTPD. Just once is enough.
Not to say that it can't, or shouldn't, get a bit more complicated, but
it is not required.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
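The idea in the message above (hand over one key once, then derive each new short-term key from the old one with no further NTS-KE to NTPD traffic) is sketched below as an added example. It is not code from the post, the draft RFC or NTPsec. The HKDF label, the cookie layout, the HMAC tag standing in for the AEAD, and all names are assumptions.

```python
import hashlib
import hmac

def hkdf_sha256(key, info, length=32):
    """HKDF (RFC 5869), SHA-256, all-zero salt."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

class KeyRatchet:
    """Current key plus the previous one; anything older is dropped."""
    def __init__(self, seed):
        self.key_id, self.keys = 0, {0: seed}
    def rotate(self):
        old_id, new_id = self.key_id, self.key_id + 1
        info = b"example-ratchet" + new_id.to_bytes(4, "big")  # hypothetical label
        self.keys = {old_id: self.keys[old_id], new_id: hkdf_sha256(self.keys[old_id], info)}
        self.key_id = new_id

def make_cookie(ratchet, payload):
    """Issuer side: key id || payload || HMAC tag (stand-in for the AEAD)."""
    body = ratchet.key_id.to_bytes(4, "big") + payload
    return body + hmac.new(ratchet.keys[ratchet.key_id], body, hashlib.sha256).digest()

def verify_cookie(ratchet, cookie):
    """Verifier side: payload, or None for a bad tag or an erased key."""
    if len(cookie) < 36:
        return None
    body, tag = cookie[:-32], cookie[-32:]
    key = ratchet.keys.get(int.from_bytes(body[:4], "big"))
    if key is None:
        return None
    good = hmac.new(key, body, hashlib.sha256).digest()
    return body[4:] if hmac.compare_digest(tag, good) else None

def demo():
    seed = bytes(range(32))  # constructed sample key, shared once
    nts_ke, ntpd = KeyRatchet(seed), KeyRatchet(seed)
    old = make_cookie(nts_ke, b"constructed-payload")
    nts_ke.rotate(); ntpd.rotate()  # each side ratchets on its own
    new = make_cookie(nts_ke, b"constructed-payload")
    first = (verify_cookie(ntpd, old), verify_cookie(ntpd, new))
    ntpd.rotate()  # key 0 is now erased on the NTPD side
    return first, verify_cookie(ntpd, old)

if __name__ == "__main__":
    print(demo())
```

Keeping one previous key gives cookies issued just before a rotation a grace period; after the next rotation they fail verification because the key has been erased.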