More word to nts.adoc

Gary E. Miller gem at rellim.com
Mon Jan 14 21:23:04 UTC 2019


Yo James!

On Mon, 14 Jan 2019 13:01:27 -0800
James Browning via devel <devel at ntpsec.org> wrote:

> > > When the NTP server is returning new cookies to the client, they
> > > are encrypted so that a spy can't track the client if it moves to
> > > a new IP Address before it uses the cookie.  
> >
> > I see nothing in the Proposed RFC that binds a cookie to an IP.
> > Good thing, it is a bad idea.  
> 
> 
> Adding (a) cookie field(s) could allow interesting behavior such as
> client migration tracking and forced key expiration after N rounds of
> NTP queries.

Why would we care?  Needless complexity for no proven benefit.  Plus it
would annoy the people that do not want to be tracked.

> It might be worth considering for restrictions in draft 16.

KISS.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin