First round of my stupid questions about NTS
Hal Murray
hmurray at megapathdsl.net
Fri Jan 18 01:54:28 UTC 2019
Ian Bruene said:
> NTS-KE needs cookie generation because it has to render onto the client the
> initial cookie stock.
Right. But it doesn't actually have to generate them itself. It could also
get them from the NTP-server.
The idea is to take advantage of a connection to the NTP-server to offload as much complexity as possible. What does the NTP-KE-server do with the master key? Can we push all that to the NTP-server?
I think what I'm proposing is that NTP-KE-server is minimal. Can we make it just a TLS wrapper on an initial connection from NTP-client (via NTS-KE-client) to NTP-server?
------
I like Gary's suggestion of making most of the NTS-KE-client a library so we can package it stand alone or with NTP-client. I think the same applies to NTS-KE-server.
--
These are my opinions. I hate spam.
More information about the devel
mailing list