NTS keys as I understand them

Hal Murray hmurray at megapathdsl.net
Mon Jan 14 20:58:00 UTC 2019


> Why would a client waste all its cookies at once?  Since they can be reused
> until the NTPD returns a NACK this seems to defeat the benefit of keeping
> spare cookies around. 

To avoid bad-guys tracking you when you change IP Addresses.

The NTP client gets a new cookie with each response.  If things are working 
normally, you will never get a NACK or need to run NTS-KE again.  "normally" 
means fewer than 8 lost packets in a row.

It might make sense to use the same cookie on all packets in a burst, but then 
we have to think about switching IP Addresses in the middle of a burst and I 
don't want to go there.

-- 
These are my opinions.  I hate spam.
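
Added example, not part of the original post and not NTPsec code: a small Python model of the client cookie pool the message describes, where each request spends one cookie, each response supplies one, and no cookie is sent twice. Assumptions: the pool size of 8 is taken from the "fewer than 8 lost packets in a row" remark, cookies are stand-in strings rather than encrypted blobs, and all names are hypothetical.

```python
from collections import deque
import itertools

POOL_SIZE = 8  # assumed: cookies delivered by one NTS-KE run


class CookiePool:
    """Client-side view: spend one cookie per request, gain one per response."""

    def __init__(self):
        self._serial = itertools.count(1)
        self.sent = []      # every cookie put on the wire, in order
        self.ke_runs = 0    # how many times NTS-KE had to run
        self.pool = deque()
        self._run_nts_ke()

    def _new_cookie(self):
        # Stand-in for an opaque, server-encrypted cookie.
        return f"cookie-{next(self._serial)}"

    def _run_nts_ke(self):
        self.ke_runs += 1
        self.pool = deque(self._new_cookie() for _ in range(POOL_SIZE))

    def poll(self, response_arrives):
        """Send one request; a lost packet spends a cookie without a refill."""
        if not self.pool:          # pool exhausted: key exchange again
            self._run_nts_ke()
        cookie = self.pool.popleft()
        self.sent.append(cookie)   # never returned to the pool, so never reused
        if response_arrives:
            self.pool.append(self._new_cookie())
        return cookie


def simulate(pattern):
    """pattern: iterable of booleans, True when the response arrives."""
    client = CookiePool()
    for ok in pattern:
        client.poll(ok)
    return client


def any_cookie_reused(client):
    """True if an on-path observer could link two packets by cookie value."""
    return len(set(client.sent)) != len(client.sent)


if __name__ == "__main__":
    for losses in (7, 8):
        c = simulate([False] * losses + [True])
        print(losses, "losses ->", c.ke_runs, "NTS-KE run(s),", len(c.pool), "cookies left")
```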




