NTS keys as I understand them
Achim Gratz
Stromeko at nexgo.de
Mon Jan 14 20:32:29 UTC 2019
Hal Murray via devel writes:
> The client starts with 8 cookies. If a packet gets lost, the next request
> includes a single cookie-please slot. The server returns an extra cookie so
> the client is back to 8. The cookie-please slot has the same length as a
> cookie slot so you can't use cookie-please as an amplifier. If more than 1
> packet has been lost, more than one cookie-please slot can be sent.
>
> If 8 packets are lost, the client has to go through NTS-KE again.

It is actually allowed to re-use cookies, specifically if it wants to
avoid that re-keying. Whether that's a good idea is debatable, but the
server doesn't know either way and the decision is up to the client.

BTW, the number eight is not arbitrary: that is exactly the number of
packets a burst poll would use.

Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
DIY Stuff:
http://Synth.Stromeko.net/DIY.html
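
A simplified model of the cookie bookkeeping discussed in this thread, added here as an illustration; it is not NTPsec code and not written by either poster. The cookie length, the function and class names, and the treatment of NTS-KE as a plain pool refill are assumptions.

```python
import os
from collections import deque

POOL_TARGET = 8    # cookies the client holds, per the thread
COOKIE_LEN = 100   # assumed cookie size in bytes (constructed value)

def server_respond(request):
    """Return one fresh cookie for the spent one, plus one per placeholder."""
    count = 1 + request["placeholders"]
    return [os.urandom(COOKIE_LEN) for _ in range(count)]

def cookie_bytes(request):
    """Bytes the request spends on its cookie and same-length placeholders."""
    return len(request["cookie"]) + request["placeholders"] * COOKIE_LEN

class Client:
    def __init__(self, reuse_cookies=False):
        self.reuse_cookies = reuse_cookies  # client-side choice, invisible to server
        self.rekeys = 0
        self.last = None
        self.nts_ke()

    def nts_ke(self):
        """Model of a key-establishment run: refill the pool with 8 cookies."""
        self.pool = deque(os.urandom(COOKIE_LEN) for _ in range(POOL_TARGET))
        self.rekeys += 1

    def build_request(self):
        if not self.pool:
            if self.reuse_cookies and self.last is not None:
                self.pool.append(self.last)   # re-send the last cookie
            else:
                self.nts_ke()                 # pool exhausted: key exchange again
        self.last = self.pool.popleft()
        placeholders = POOL_TARGET - (len(self.pool) + 1)
        return {"cookie": self.last, "placeholders": placeholders}

def simulate(lost, reuse_cookies=False):
    """lost: one bool per poll, True if that exchange was lost.
    Returns (placeholders sent, pool size afterwards, NTS-KE runs) per poll."""
    client, trace = Client(reuse_cookies), []
    for is_lost in lost:
        request = client.build_request()
        if not is_lost:
            reply = server_respond(request)
            # Reply carries no more cookie bytes than the request: no amplification.
            assert sum(map(len, reply)) == cookie_bytes(request)
            client.pool.extend(reply)
        trace.append((request["placeholders"], len(client.pool), client.rekeys))
    return trace
```
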