NTS keys as I understand them
Gary E. Miller
gem at rellim.com
Mon Jan 14 20:58:18 UTC 2019
Yo Achim!
On Mon, 14 Jan 2019 21:54:03 +0100
Achim Gratz via devel <devel at ntpsec.org> wrote:
> Hal Murray via devel writes:
> >> BTW, the number eight is not arbitrary: that is exactly the number
> >> of packets a burst poll would use.
> >
> > The normal case is that the client gets back a response before it
> > sends the next request in the burst, so it only needs 1 cookie to
> > start with.
>
> While I don't know what the rationale was for the RFC, it still makes
> sense to provide a client with enough cookies so it can fire off the
> initial burst w/o re-keying even if all responses get lost.
One is sufficient for that. Cookie reuse is fine.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin