First round of my stupid questions about NTS

Gary E. Miller gem at rellim.com
Thu Jan 17 20:07:55 UTC 2019


Yo Eric!

On Thu, 17 Jan 2019 15:00:20 -0500
"Eric S. Raymond via devel" <devel at ntpsec.org> wrote:

> Ian Bruene via devel <devel at ntpsec.org>:
> > > Charlie requests a master key (and possibly initial cookies) daily
> > > from Delta.  
> > 
> > Cookies wouldn't be part of that. For a start "once a day" would
> > have the cookies up to tens of thousands of packets out of date
> > (assuming a packet every second for a client that joined just after
> > the last NTPD-NTS sync).  
> 
> Then what's *your* explanation for "We could also send the initial
> cookies over that channel so that only NTP-server knows the cookie
> format."

No way to recover the cookie format from a cookie...

But, that does bring up more questions.  The Proposed RFC does not
specify a cookie format.  I suspect this is intentional so that the
cookie can mutate over time.

Things like encryption algorithm and hash algorithm will change over
time.  Also key sizes.

So, how do the NTS-KE and NTPD servers know what cookie format(s) are
in use?  How does the NTS-KE server know which cookie formats to issue
for which NTPD servers?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin