NTS keys as I understand them
Ian Bruene
ianbruene at gmail.com
Fri Jan 11 03:20:53 UTC 2019
I know of these keys that exist within NTS:
* client-to-server (c2s)
* server-to-client (s2c)
* server master key
The master key is shared between NTPD and NTS-KE (mechanism currently
undecided). It is used to encrypt data in cookies and is never seen
outside of the NTPD/NTS-KE pair. *The client never sees this key*. The
master key is also expected to be rotated on a regular basis: the
example in section 6 of the draft has once a day rotation.
The c2s/s2c pair is created during the TLS handshake between NTS-KE and
the client. They are expected to be embedded within the encrypted part
of the cookie so that the server does not need to store any per-client
state. No mention is made of rotating these, though it could be done
through invalidation with NAK.
An important detail is that because the client never has access to any
master key, the client is not able to see inside or change the cookie.
This is true even if the client knows the cookie format of the server
that it is talking to. Because of this it is impossible for the server
or client to update the c2s/s2c pair by sending new ones in a cookie.
--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A
Man Chooses, a Slave Obeys."/ -- Andrew Ryan
/"Utopia cannot precede the Utopian. It will exist the moment we are fit
to occupy it."/ -- Sophia Lamb
I work for the Internet Civil Engineering Institute <https://icei.org/>,
help us save the Internet from Entropy!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190110/2f735226/attachment-0001.html>
More information about the devel
mailing list