NTS keys as I understand them
Hal Murray
hmurray at megapathdsl.net
Mon Jan 14 20:58:00 UTC 2019
> Why would a client waste all is cookies at once? Since they can be reused
> until the NTPD returns a NACK this seems to ddefeat the benefit of keeping
> spare cookies around.
To avoid bad-guys tracking you when you change IP Addresses.
The NTP client gets a new cookie with each response. If things are working
normally, you will never get a NACK or need to run NTS-KE again. "normally"
means fewer than 8 lost packets in a row.
It might make sense to use the same cookie on all packets in a burst, but then
we have to think about switching IP Addresses in the middle of a burst and I
don't want to go there.
--
These are my opinions. I hate spam.
More information about the devel
mailing list