NTS keys as I understand them

Gary E. Miller gem at rellim.com
Tue Jan 15 18:48:34 UTC 2019


Yo Achim!

On Tue, 15 Jan 2019 19:16:54 +0100
Achim Gratz via devel <devel at ntpsec.org> wrote:

> Hal Murray via devel writes:
> >> While I don't know what the rationale was for the RFC, it still
> >> makes sense to provide a client with enough cookies so it can fire
> >> off the initial burst w/o re-keying even if all responses get
> >> lost.   
> >
> > The NTS-KE section has a SHOULD return 8 keys, but only 1 is
> > required.  
> 
> An RFC has very specific language (it's explained at the start).
> "SHOULD" in all caps in this case essentially means that NTS-KE is
> strongly expected to serve 8 initial cookies, but a client must not
> fail if it doesn't.  That's not a pass for implementing an NTS-KE
> which generally delivers only a single cookie or some other number
> below eight.

Umm, who are you arguing against?  Did I miss someone suggest what you
are objecting to?  I see no message referenced in your email to point
me at the OP of an idea like that.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
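
The cookie-count point discussed in this thread (8 cookies expected, 1 required), as an added example that is not part of the original message and not NTPsec's code: a client-side check that accepts a short NTS-KE response but flags it. Record type numbers and the AEAD identifier follow RFC 8915; the function names and the sample responses are constructed for illustration.

```python
import struct

# NTS-KE record types as numbered in RFC 8915, section 4.
END_OF_MESSAGE, NEW_COOKIE = 0, 5
KNOWN_TYPES = set(range(8))
EXPECTED_COOKIES = 8  # the SHOULD discussed in the thread
REQUIRED_COOKIES = 1  # the minimum discussed in the thread

def parse_records(data):
    """Yield (critical, record_type, body) for each record in an NTS-KE message."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated record header")
        raw_type, length = struct.unpack_from("!HH", data, off)
        off += 4
        if len(data) - off < length:
            raise ValueError("truncated record body")
        yield bool(raw_type & 0x8000), raw_type & 0x7FFF, data[off:off + length]
        off += length

def collect_cookies(data):
    """Return (cookies, warning); raise only when the response is unusable."""
    cookies, ended = [], False
    for critical, rtype, body in parse_records(data):
        if rtype == END_OF_MESSAGE:
            ended = True
            break
        if critical and rtype not in KNOWN_TYPES:
            raise ValueError("unknown critical record %d" % rtype)
        if rtype == NEW_COOKIE:
            cookies.append(body)
    if not ended:
        raise ValueError("no End of Message record")
    if len(cookies) < REQUIRED_COOKIES:
        raise ValueError("server returned no cookies")
    warning = None
    if len(cookies) < EXPECTED_COOKIES:  # tolerated, but worth logging
        warning = "got %d cookies, server SHOULD send %d" % (len(cookies), EXPECTED_COOKIES)
    return cookies, warning

def record(rtype, body=b"", critical=False):
    """Build one record; used only to construct the sample responses."""
    return struct.pack("!HH", rtype | (0x8000 if critical else 0), len(body)) + body

def sample_response(n):
    """Constructed response: NTPv4, AEAD id 15, n dummy 100-byte cookies."""
    msg = record(1, b"\x00\x00", True) + record(4, b"\x00\x0f")
    msg += b"".join(record(NEW_COOKIE, bytes([i]) * 100) for i in range(n))
    return msg + record(END_OF_MESSAGE, critical=True)
```
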