More word to nts.adoc
James Browning
jamesb.fe80 at gmail.com
Mon Jan 14 21:01:27 UTC 2019
On Mon, Jan 14, 2019, 12:30 PM Gary E. Miller via devel <devel at ntpsec.org
wrote:
> Yo Hal!
>
> On Mon, 14 Jan 2019 12:19:09 -0800
> Hal Murray via devel <devel at ntpsec.org> wrote:
>
> > When the NTP server is returning new cookies to the client, they are
> > encrypted so that a spy can't track the client if it moves to a new
> > IP Address before it uses the cookie.
>
> I see nothing in the Proposed RFC that binds a cookie to an IP. Good
> thing, it is a bad idea.
Adding (a) cookie field(s) could allow interesting behavior such as client
migration tracking and forced key expiration after N rounds of NTP queries.
It might be worth considering for restrictions in draft 16.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190114/0d5b9663/attachment-0001.html>
More information about the devel
mailing list