More word to nts.adoc
Gary E. Miller
gem at rellim.com
Mon Jan 14 21:23:04 UTC 2019
Yo James!
On Mon, 14 Jan 2019 13:01:27 -0800
James Browning via devel <devel at ntpsec.org> wrote:
> > > When the NTP server is returning new cookies to the client, they
> > > are encrypted so that a spy can't track the client if it moves to
> > > a new IP Address before it uses the cookie.
> >
> > I see nothing in the Proposed RFC that binds a cookie to an IP.
> > Good thing, it is a bad idea.
>
>
> Adding (a) cookie field(s) could allow interesting behavior such as
> client migration tracking and forced key expiration after N rounds of
> NTP queries.
Why would we care? Needless complexity for no proven benefit. Plus it
would annoy the people that do not want to be tracked.
> It might be worth considering for restrictions in draft 16.
KISS.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190114/0cc37283/attachment.bin>
More information about the devel
mailing list