First round of my stupid questions about NTS

Gary E. Miller gem at rellim.com
Sat Jan 19 00:44:11 UTC 2019


Yo Richard!

On Fri, 18 Jan 2019 18:15:51 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:

> > Nothing in there about using anything from the current TLS
> > session.  
> 
> ...which uses the master_secret, client_random, and server_random from
> the TLS session.

Let's look at this another way:

There is no TLS session between NTP client and NTP server.  UDP only.
And yet the NTP server must provide a new cookie every client request.
Since there is no TLS session, the master key used can not be from the
TLS session.


Here is another way.  If each connection used a different master
key, then the NTPD server would need to store state for each client
to know what master key to use.  Instead the NTPD server just generates
a new master key every day or so.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190118/edcbc8f9/attachment.bin>


More information about the devel mailing list