First round of my stupid questions about NTS
Gary E. Miller
gem at rellim.com
Fri Jan 18 22:44:43 UTC 2019
Yo Richard!
On Fri, 18 Jan 2019 16:28:56 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:
> > Thanks, that seems to prove my point. The S2C and C2S are
> > 'extracted' not 'dependent'.
>
> RFC 5705 starts, "A number of protocols wish to leverage Transport
> Layer Security (TLS) [RFC5246] or Datagram TLS (DTLS) [RFC4347] to
> perform key establishment but then use some of the keying material
> for their own purposes."
"wish" is not MUST. Just because we use Transport Layer Security (TLS)
[RFC5246] to send the cookie(s) does not mean it is intertwined with the
cookie contents.
> Unless I'm misunderstanding, that is exactly what is going on here...
We at least fail in a common understanding of what is not yet going on
here.
> NTS-KE uses TLS. Then the TLS session is used to provide keys to
> NTS-KE for ultimate use in NTP.
I think we are confusing different session keys. There are the session
keys created for the current TLS session. They are, potentially,
unrelated to the session keys in the NTS cookie.
> Hal's original statement was, "You can't precompute cookies. They
> contain S2C and C2S which depend on the TLS sesson key."
And I still disagree.
> While there is technically nothing called a TLS session key in the TLS
> standard, the use of "session key" in this context is quite common.
Yes, and that session key is not the C2S or S2C session key.
> I understand Hal's point to be: S2C and C2S depend on the TLS
> session's master secret, etc., and thus require the TLS session to be
> fully established.
I also understand that to be Hal's point. And I still believe that
is an over-reading of the RFCs.
Maybe we want to derive C2S and S2C from the TLS session, but I do not
see that as mandated.
> Therefore, you cannot compute cookies prior to a
> particular TLS session being established.
And I disagree with that. Not to be mistaken for me wanting them to
be precomputed.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190118/61e3cbf8/attachment.bin>
More information about the devel
mailing list