First round of my stupid questions about NTS
Hal Murray
hmurray at megapathdsl.net
Fri Jan 18 01:11:42 UTC 2019
>> We could restart
>> NTP-server or NTS-KE-server as long as the other end stayed up and we
>> arranged to send the keys in both directions.
> well, you sorta need a key to do that, right? Seems circular...
When they are up and running, both the NTP server and the NTS-KE server know
the master key. If you restart one end, it can ask the other for the key.
>> There is another problem area: who makes the initial certificates.
Sorry. Typo on my end. certificates => cookies.
Do both NTP-server and NTS-KE-server have to know the new-cookie recipe? Does
NTS-KE-server need the master key for anything other than generating cookies?
Does it work if only the NTP-server has the master key and the NTS-KE-server
gets cookies and S2C and C2S from the NTP server?
--
These are my opinions. I hate spam.
More information about the devel
mailing list