NTS keys as I understand them

Gary E. Miller gem at rellim.com
Mon Jan 14 22:28:34 UTC 2019


Yo Hal!

On Mon, 14 Jan 2019 14:19:00 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:

> > Seems to me that reuse is in the spirit of the draft.  And not a
> > corner case, a very simple basic case.  The sort of thing a minimal
> > client would do.  
> 
> It's a corner case in the sense that half the document wouldn't be
> needed if the designers thought that was normal.

But they didn't.  So we have to deal with it.  And I happen to like
corner cases that are very simple: a good place to start work.

> We aren't dealing with a minimal client.

Really?  I guess we need to step back even further then so we can
agree what we are talking about.  I've been talking about clients,
NTS-KE and NTPD that conform to the Proposed RFC.

Are you expanding, or contracting, that scope?

> > Yup, that is my point, cookie reuse is fine.
> > Design first, code second.  
> 
> > Why do you keep fighting it?  The NTPD needs to work either way, so
> > all we can do is allow the client to choose.   
> 
> The server has no per-client state.  It doesn't know if a cookie gets
> reused.

Maybe, maybe not.  Since we have not designed the server, yet, we can do
what we want, within the scope of the Proposed RFC.

And I'm not sure how per-client applies to cookie lifetime and/or reuse.
Not needed, but maybe useful.

> I'm a privacy nut.  I expect the no-reuse case to be the default.

Fair enough, but that provides no guidance on the reuse in the iburst.

> Seems like we should design for that case.

We have to design for ALL cases in the proposed RFC for interoperability.

> Why are you fighting so hard for the reuse case?

Because the Proposed RFC allows for it, so some will use it.  We need to
be interoperable.  It may be useful for bad connections.

If you don't like the Proposed RFC, then complain to the IETF.  I just
assume we are stuck with it.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin