First round of my stupid questions about NTS
Gary E. Miller
gem at rellim.com
Fri Jan 18 05:49:57 UTC 2019
Yo Hal!
On Thu, 17 Jan 2019 21:45:24 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> Gary said:
> >> The idea is to take advantage of a connection to the NTP-server to
> >> offload as much complexity as possible.
> > Seems more comples to me. Now there are a ton of cookies that the
> > NTS-KE has to store, and yet another connection protocol.
>
> The NTS-KE doesn't have to store any cookies. When it gets a
> request, it sends the S2C and C2S keys to the NTP-server and gets
> back 8 cookies which it sends to the NTS-KE-client.
That adds unreasonable delay to the initial startup, and adds greatly
to the network traffic. If an NTS-KE is working with many NTPD, and
an NTPD is dead, this would add unreasonable delays.
Just cookie generation can be a time consuming process. Cookiees need
to be available, ready to go, for when a client requests them.
Adding another backend protocol is adding much needless comlexity.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190117/377057aa/attachment.bin>
More information about the devel
mailing list