NTS keys as I understand them

Achim Gratz Stromeko at nexgo.de
Tue Jan 15 18:16:54 UTC 2019


Hal Murray via devel writes:
>> While I don't know what the rationale was for the RFC, it still makes sense
>> to provide a client with enough cookies so it can fire off the initial burst
>> w/o re-keying even if all responses get lost. 
>
> The NTS-KE section has a SHOULD return 8 keys, but only 1 is required.

An RFC has very specific language (it's explained at the start).
"SHOULD" in all caps in this case essentially means that NTS-KE is
strongly expected to serve 8 initial cookies, but a client must not fail
if it doesn't.  That's not a pass for implementing an NTS-KE which
generally delivers only a single cookie or some other number below
eight.  Again, there likely is a rationale for not choosing MUST
(e.g. for specific use scenarios inside a datacenter, or maybe IoT
applications like metering), maybe Daniel could explain.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables
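
Added example, not part of the original message and not code from any NTS implementation: a client-side sketch of the SHOULD semantics described above, where a response with fewer than eight cookies is accepted with a warning and only a response with no cookie at all is rejected. The record layout and type numbers are those of RFC 8915 and are assumed to match the draft under discussion; the function names and the sample response are constructed for illustration.

```python
import struct

# Record types as assigned in RFC 8915 (assumption: same numbering as the
# draft discussed in this thread).
END_OF_MESSAGE = 0
NEW_COOKIE = 5
EXPECTED_COOKIES = 8  # the SHOULD quantity mentioned in the thread


def parse_records(data):
    """Split an NTS-KE message into (critical, type, body) tuples."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated record header")
        raw_type, length = struct.unpack_from("!HH", data, off)
        off += 4
        if len(data) - off < length:
            raise ValueError("truncated record body")
        rtype = raw_type & 0x7FFF  # top bit is the critical flag
        records.append((bool(raw_type & 0x8000), rtype, data[off:off + length]))
        off += length
        if rtype == END_OF_MESSAGE:
            break
    return records


def collect_cookies(data):
    """Return (cookies, warnings). No cookie at all is fatal; fewer than
    eight is only noted, because SHOULD does not allow the client to fail."""
    cookies = [body for _, rtype, body in parse_records(data) if rtype == NEW_COOKIE]
    if not cookies:
        raise ValueError("no cookies in NTS-KE response")
    warnings = []
    if len(cookies) < EXPECTED_COOKIES:
        warnings.append("server sent %d cookie(s), expected %d"
                        % (len(cookies), EXPECTED_COOKIES))
    return cookies, warnings


def build_response(n_cookies):
    """Constructed sample response: n dummy cookies plus End of Message."""
    out = b""
    for i in range(n_cookies):
        body = bytes([i]) * 16  # constructed placeholder, not a real cookie
        out += struct.pack("!HH", NEW_COOKIE, len(body)) + body
    return out + struct.pack("!HH", 0x8000 | END_OF_MESSAGE, 0)
```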


