First round of my stupid questions about NTS

Gary E. Miller gem at rellim.com
Fri Jan 18 05:46:23 UTC 2019 

Yo Hal!

On Thu, 17 Jan 2019 19:33:00 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:

> Eric said:
> >> So, how does the NTS-KE and NTPD server know what cookie format(s)
> >> are in use?  How does the NTS-KE server know which cookie formats
> >> to issue for which NTPD servers?  
> > That's a question for Daniel. I hope he'll answer it.   
> 
> Seems simple to me.  The programmers and/or sysadmins have to get it
> right.

Yes, as Section 6 of the Proposed RFC suggests:

    "The cookie should consist of the tuple `(I,N,C)`."

    "To verify and decrypt a cookie provided by the client, first parse it
    into its components `I`, `N`, and `C`. Use `I` to look up its
    decryption key `K`. If the key whose identifier is `I` has been
    erased or never existed, decryption fails; reply with an NTS NAK.
    Otherwise, attempt to decrypt and verify ciphertext `C` using key `K`
    and nonce `N` with no associated data.  If decryption or verification
    fails, reply with an NTS NAK.  Otherwise, parse out the contents of
    the resulting plaintext `P` to obtain the negotiated AEAD algorithm,
    S2C key, and C2S key."

P is left an an exercise for us to decide.

> Suppose you want to change the cookie format.

Why would you?  Without knowing how much it would change your have
to assume that the whole thing gets thrown out, and reinvented.

> Plan B:
>   Install/restart a new NTP server that supports both old and new
> cookies. Install/restart a new NTS-KE-server that gives out new
> cookies. Wait a while.  All old cookies will go away.

Given how long NTPD servers remain in use this is the only option.

> Plan C/D:
>   Same as above except the NTS-KE-server gets the cookies from the
> NTP-server so there is no need to install/restart the NTS-KE-server.
> It will have to make a new connection to the new NTP-server.

A nightmare.  Juggling 10,000+ cookies would be a mess.  It may close to
double the traffic to the NTPD server.

Easier, as the RFC implies, for the NTS-KE to make them up as needed.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190117/c714adcb/attachment.bin>

More information about the devel mailing list