First round of my stupid questions about NTS
    Gary E. Miller 
    gem at rellim.com
       
    Fri Jan 18 19:32:33 UTC 2019
    
    
  
Yo Hal!
On Fri, 18 Jan 2019 02:16:33 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> Gary said:
> >>> Just look to the SSL/TLS mess for how upwardly compatible change
> >>> in crypto can be badly managed.  
> >> That's a public API.  The cookie format is private.  
> > Uh.  lost me?   
> 
> SSL/TLS is documented in various RFCs.  That's what public means.  We
> expect systems written by different groups to interoperate so all the
> details need to be documented.
Of course, so I am still not sure of your point?
> Only the NTP server needs to know the format of a cookie.  It doesn't
> need to be documented.  That's what private means.
But it is a LOT more efficient if the NTS-KE server does as well.
> If you want the NTS-KE server to generate initial cookies rather than
> asking the NTP server for them, then you have to bundle the NTS-KE
> server with the NTP server.
Uh, no....
> That makes them semi-private.  You have
> to keep both ends in sync.
Mostly.  And easy if they use the same library.
> But we already have to keep both ends in sync since the protocol
> between NTS-KE server and NTP server is also private.
Uh, we do not have an NTS-KE -> NTPD server protocol yet.  May never
need one.
> Same for NTP
> client and NTS-KE client.  We could document those if we wanted to
> give the admin more choices.
I've always assumed the NTP client and NTS-KE client are one and the
same.  Since both need to handle the cookies it makes no sense to
overcomplicate the client end.
> That all assumes we are packaging NTS-KE server and NTS-KE client as
> separate run time programs.
Certainly not my assumption.
> That seems unlikely for the client.
Lost me.  I could parse that sentence more than one way...
> It's also unlikely for the initial server, but reasonably likely for
> the future.
I'm having trouble expanding your reuse of 'it' to mean different things...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588
	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin