NTS keys as I understand them
Eric S. Raymond
esr at thyrsus.com
Fri Jan 11 18:12:53 UTC 2019
Hal Murray via devel <devel at ntpsec.org>:
>
> Gary said:
> > The client does not update his cookie(s), he just asks the NTS-KE for new
> > ones when the NTPD NAKs the one he has been using.
>
> Not quite. An important idea is that cookies are only used once. That
> prevents bad guys from tracking you.
>
> In the normal case, the client sends a cookie and gets back an encrypted
> cookie.
>
> The client starts with 8 cookies. If a packet gets lost, the next request
> includes a single cookie-please slot. The server returns an extra cookie so
> the client is back to 8. The cookie-please slot has the same length as a
> cookie slot so you can't use cookie-please as an amplifier. If more than 1
> packet has been lost, more than one cookie-please slot can be sent.
>
> If 8 packets are lost, the client has to go through NTS-KE again.
Would you guys please start putting this level of detail in nts.adoc?
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
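
The cookie accounting described in the quoted message, simulated as an added example; it is not part of the original post and not NTPsec code. The class and function names and `COOKIE_LEN` are assumptions, and both NTS-KE and the server are stand-ins that hand out random bytes in place of real encrypted cookies.

```python
import os
from collections import deque

POOL_TARGET = 8      # cookies the client starts with, per the message
COOKIE_LEN = 100     # constructed value; the real length is chosen by the server


class Client:
    """Client-side cookie pool (hypothetical model, not the NTPsec API)."""

    def __init__(self):
        self.pool = deque()
        self.ke_runs = 0
        self.sent = set()        # every cookie ever sent, to enforce single use
        self.run_nts_ke()

    def run_nts_ke(self):
        # Stand-in for the NTS-KE handshake: refill with fresh opaque cookies.
        self.pool = deque(os.urandom(COOKIE_LEN) for _ in range(POOL_TARGET))
        self.ke_runs += 1

    def build_request(self):
        if not self.pool:        # all 8 cookies spent on lost packets
            self.run_nts_ke()
        cookie = self.pool.popleft()     # spent now, never returned to the pool
        assert cookie not in self.sent, "cookie reuse would allow tracking"
        self.sent.add(cookie)
        # One cookie-please slot per cookie still missing once this one is replaced.
        missing = POOL_TARGET - (len(self.pool) + 1)
        return cookie, [bytes(len(cookie))] * missing   # slots are cookie-sized


def server_reply(cookie, placeholders):
    # One fresh cookie for the one spent, plus one per cookie-please slot.
    return [os.urandom(len(cookie)) for _ in range(1 + len(placeholders))]


def simulate(delivered):
    """delivered: booleans, True when request and response both arrive."""
    client = Client()
    for ok in delivered:
        cookie, placeholders = client.build_request()
        if ok:
            client.pool.extend(server_reply(cookie, placeholders))
    return len(client.pool), client.ke_runs
```

`simulate` returns the pool size and the number of NTS-KE runs, so a loss pattern such as eight consecutive drops can be checked against the behaviour the message describes.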