First round of my stupid questions about NTS

Hal Murray hmurray at megapathdsl.net
Sat Jan 19 00:58:31 UTC 2019


Gary said:
> There is no TLS session between NTP client and NTP server.  UDP only. And yet
> the NTP server must provide a new cookie every client request. Since there is
> no TLS session, the master key used can not be from the TLS session. 

The NTP server extracts S2C and C2S and AEAD number by using the master key to 
decrypt them from the cookie.  (That's the whole point of the cookie.)  So it 
can use them to make new cookies.


> Here is another way.  If each connection used a different master key, then
> the NTPD server would need to store state for each client to know what master
> key to use.  Instead the NTPD server just generates a new master key every
> day or so. 

I think you are confusing things with that use of "master key".  Each TLS session sets up new working keys.  I'm not familiar with the details.  More info in Richard's recent msg.  Each end has whatever it takes to use RFC 5705 to make more keys without exchanging any packets.


-- 
These are my opinions.  I hate spam.
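The cookie mechanism Hal describes, as an added illustration that is not code from NTPsec or from anyone in this thread: the server keeps no per-client state, only a short ring of master keys; a cookie is the key id, a nonce, and the AEAD-sealed (AEAD id, C2S, S2C); on each request the server unwraps the cookie with the master key named by the key id and hands back a fresh cookie under the current key. The cookie layout, the key-id ring, and the HMAC-based stand-in AEAD (real implementations use AES-SIV) are assumptions made so the example runs with the standard library only.

```python
import hashlib, hmac, os, struct
TAG_LEN, KEY_LEN = 16, 32   # constructed sizes; real AEAD key sizes depend on the AEAD id

# Constructed stand-in AEAD (real servers use AES-SIV): HMAC-SHA256 counter keystream + HMAC tag.
def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _seal(key, nonce, pt):
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]

def _open(key, nonce, blob):
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]):
        raise ValueError("cookie failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class CookieServer:
    """Stateless cookie issuer: the only server-side state is a short ring of master keys."""
    def __init__(self, keep=2):
        self.keys, self.keep, self.current = {}, keep, 0
        self.rotate()

    def rotate(self):
        """Install a fresh master key (e.g. daily); forget keys older than the retention window."""
        self.current += 1
        self.keys[self.current] = os.urandom(32)
        for kid in [k for k in self.keys if k <= self.current - self.keep]:
            del self.keys[kid]

    def make_cookie(self, aead_id, c2s, s2c):
        """cookie = key id || nonce || AEAD(master key; aead id || C2S || S2C)."""
        nonce = os.urandom(16)
        body = struct.pack(">H", aead_id) + c2s + s2c
        return struct.pack(">I", self.current) + nonce + _seal(self.keys[self.current], nonce, body)

    def open_cookie(self, cookie):
        """Recover (aead id, C2S, S2C); the key id tells the server which master key to use."""
        kid = struct.unpack(">I", cookie[:4])[0]
        if kid not in self.keys:
            raise ValueError("master key retired; client must re-run NTS-KE")
        body = _open(self.keys[kid], cookie[4:20], cookie[20:])
        return struct.unpack(">H", body[:2])[0], body[2:2 + KEY_LEN], body[2 + KEY_LEN:]

    def handle_request(self, cookie):
        """Per-request work: unwrap the presented cookie, then issue a new one under the current key."""
        aead_id, c2s, s2c = self.open_cookie(cookie)
        return (aead_id, c2s, s2c), self.make_cookie(aead_id, c2s, s2c)
```

A cookie sealed under a key that has dropped out of the ring is rejected rather than decrypted, which is what forces a client back to NTS-KE after a long outage.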




