First round of my stupid questions about NTS
Richard Laager
rlaager at wiktel.com
Sat Jan 19 01:58:23 UTC 2019
I believe we already agree that NTS-KE generates cookies and that
generation process requires C2S and S2C. The question is where C2S
and S2C come from.
On 1/18/19 7:26 PM, Gary E. Miller via devel wrote:
> Yes, just for THAT session. And only for NTS-KE connections. No
> NTPD client to NTPD server TLS session ever exists.
The client connects to the NTS-KE server over TLS. The TLS session
master_secret, client_random, and server_random are used (through the
TLS session's PRF) by client and server to derive C2S and S2C as
previously described, using the RFC 5705 algorithm.
From section 1.2 of draft-ietf-ntp-using-nts-for-ntp-15:
"The typical protocol flow is as follows: The client connects to an
NTS-KE server on the NTS TCP port and the two parties perform a TLS
handshake. Via the TLS channel, the parties negotiate some
additional protocol parameters and the server sends the client a
supply of cookies along with a list of one or more IP addresses to
NTP servers for which the cookies are valid. The parties use TLS key
export [RFC5705] to extract key material which will be used in the
next phase of the protocol. This negotiation takes only a single
round trip, after which the server closes the connection and discards
all associated state. At this point the NTS-KE phase of the protocol
is complete. Ideally, the client never needs to connect to the NTS-KE
server again."
--
Richard
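The derivation Richard describes, as an added example that is not code from this thread or from NTPsec: the TLS 1.2 PRF (P_SHA256) and the RFC 5705 exporter, applied to a constructed master_secret and randoms. The exporter label and the five-octet context layout (protocol ID, AEAD ID, 0x00 for C2S / 0x01 for S2C) are taken from draft-ietf-ntp-using-nts-for-ntp and are assumptions here, as is the AEAD algorithm ID.

```python
import hashlib
import hmac

# Assumed from draft-ietf-ntp-using-nts-for-ntp, not from the message above.
NTS_EXPORTER_LABEL = b"EXPORTER-network-time-security/1"
AEAD_AES_SIV_CMAC_256 = 15  # IANA AEAD algorithm identifier (assumed)


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 section 5 PRF with P_SHA256: P_hash(secret, label + seed).
    A(0) = seed; A(i) = HMAC(secret, A(i-1)); output = HMAC(secret, A(i) + seed)..."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def rfc5705_export(master_secret: bytes, client_random: bytes, server_random: bytes,
                   label: bytes, context: bytes, length: int) -> bytes:
    """RFC 5705 exporter with a context value:
    PRF(master_secret, label, client_random + server_random + uint16(len(ctx)) + ctx)."""
    if len(context) > 0xFFFF:
        raise ValueError("context too long for a uint16 length prefix")
    seed = client_random + server_random + len(context).to_bytes(2, "big") + context
    return tls12_prf(master_secret, label, seed, length)


def nts_context(aead_id: int, direction: int) -> bytes:
    """Five octets: protocol ID 0x0000 (NTPv4), AEAD ID, then 0x00 = C2S or 0x01 = S2C."""
    return b"\x00\x00" + aead_id.to_bytes(2, "big") + bytes([direction])


def derive_nts_keys(master_secret: bytes, client_random: bytes, server_random: bytes,
                    aead_id: int = AEAD_AES_SIV_CMAC_256, key_len: int = 32):
    """Return (C2S, S2C). Both TLS peers hold the same inputs, so both get the same keys
    without the keys ever crossing the wire."""
    c2s = rfc5705_export(master_secret, client_random, server_random,
                         NTS_EXPORTER_LABEL, nts_context(aead_id, 0), key_len)
    s2c = rfc5705_export(master_secret, client_random, server_random,
                         NTS_EXPORTER_LABEL, nts_context(aead_id, 1), key_len)
    return c2s, s2c


if __name__ == "__main__":
    # Constructed sample TLS session values; a real session supplies these itself.
    ms, cr, sr = bytes(range(48)), b"\x11" * 32, b"\x22" * 32
    c2s, s2c = derive_nts_keys(ms, cr, sr)
    print("C2S", c2s.hex())
    print("S2C", s2c.hex())
```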