NTS keys as I understand them

Hal Murray hmurray at megapathdsl.net
Mon Jan 14 21:30:03 UTC 2019


Gary said:
> One is sufficient for that.  Cookie reuse is fine.

Cookie reuse is fine in the sense that it should work.  But the whole tone of 
the draft is that they won't be reused.  There is only a minor note that says 
you can reuse them.

I think we should follow the spirit of the draft rather than explore a corner 
case.


> Yes, but then you have no spare cookies for when you DO lose 8 packets in a
> row.  It is pretty common to lose 8 packets in a row on today's internet.

How often do we lose 8 packets in a row when they are spread out at 1 minute 
intervals?  (I have data in old log files but it will take me a while to dig 
it out.  I fixed a bug a couple of days ago.)

It might make sense to reuse a cookie during a burst.  That case can wait.

Reusing cookies makes more sense in the static case where you aren't worried 
about tracking, a server or home PC rather than a laptop or smart phone.  
Again, that case can wait.


> Sure we can.  Nothing in the Proposed RFC says the NTPD must invalidate
> cookies.  As a practical matter maybe the NTPD needs a config option for
> cookie lifetime. 

The cookie lifetime is the master key lifetime.  Sure, the NTP server could 
remember old keys forever.  The intention is clearly that the client rotates 
cookies and that the server only remembers the current key and 1 old key.



-- 
These are my opinions.  I hate spam.
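
The server-side key lifetime described in the message above (current master key plus 1 old key), as an added example that is not part of the original message and is not NTPsec code. The `Server` class, `polls_until_rejected`, and the one-poll-per-rotation schedule are hypothetical, and HMAC-SHA256 stands in for the AEAD that real NTS cookies use, so this models only which master key can still validate a cookie, not cookie confidentiality.

```python
import hashlib
import hmac
import os

TAG = 32  # HMAC-SHA256 tag length in bytes


class Server:
    def __init__(self):
        self.key_id = 0
        self.keys = {0: os.urandom(32)}   # key id -> master key

    def rotate(self):
        """Install a new master key; keep only the current key and 1 old key."""
        self.key_id += 1
        self.keys[self.key_id] = os.urandom(32)
        self.keys.pop(self.key_id - 2, None)

    def make_cookie(self, state: bytes) -> bytes:
        # Layout (constructed for this example): key id | nonce | state | tag
        body = self.key_id.to_bytes(4, "big") + os.urandom(16) + state
        return body + hmac.new(self.keys[self.key_id], body, hashlib.sha256).digest()

    def exchange(self, cookie: bytes):
        """Validate a cookie; return a fresh one under the current key, or None."""
        body, tag = cookie[:-TAG], cookie[-TAG:]
        key = self.keys.get(int.from_bytes(body[:4], "big"))
        if key is None:
            return None                   # master key already forgotten
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return None                   # forged or corrupted cookie
        return self.make_cookie(body[20:])


def polls_until_rejected(reuse: bool, rotations: int) -> int:
    """One poll per master-key rotation; count polls answered before a rejection."""
    server = Server()
    cookie = server.make_cookie(b"constructed-session-state")
    for n in range(rotations):
        server.rotate()
        fresh = server.exchange(cookie)
        if fresh is None:
            return n                      # client would have to redo key exchange
        if not reuse:
            cookie = fresh                # rotating client stores the new cookie
    return rotations
```

A client that keeps reusing its first cookie is rejected on the second rotation, while a client that stores the cookie from each reply keeps working across every rotation.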




