First round of my stupid questions about NTS
Gary E. Miller
gem at rellim.com
Sat Jan 19 02:21:27 UTC 2019
Yo Richard!
On Fri, 18 Jan 2019 20:17:11 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:
> On 1/18/19 8:05 PM, Gary E. Miller via devel wrote:
> > Section 5.1, they come from RFC 5706 using the PRF() function.
>
> Agreed.
>
> > The question is where the master key used by PRF() comes from.
>
> That comes from the TLS session.
Once again: there is no TLS session between NTPD client and NTPD server.
Once again: the NTPD server must generate new keys without TLS.
> See RFC 5705's mentions of "TLS
> master secret".
Yes, that is what it says, but since we have no TLS session, we have no
TLS master key. So, instead, we use another master key.
We use the algorithm of RFC 5705, but in a context with no TLS.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
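
The RFC 5705 exporter computation discussed in this message, in its TLS 1.2 (P_SHA256) form, as an added example that is not part of the original e-mail or of NTPsec's code. The master secret, randoms, label and context bytes below are constructed placeholders, not values from the NTS draft; the function takes the master secret as an input and makes no claim about where it comes from.

```python
import hashlib
import hmac
import struct


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash (RFC 5246, section 5) with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_keying_material(master_secret, client_random, server_random,
                           label, length, context=None):
    """RFC 5705, section 4: PRF(master_secret, label,
    client_random + server_random [+ uint16(len(context)) + context])."""
    seed = client_random + server_random
    if context is not None:
        # A zero-length context is still encoded (as 0x0000), so it
        # yields different output from "no context at all".
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, length)


# Constructed sample inputs (placeholders, not from any real session).
MASTER = bytes(range(48))              # 48-byte master secret
C_RANDOM = b"\x01" * 32
S_RANDOM = b"\x02" * 32
LABEL = b"EXPORTER-example-label"      # hypothetical label


def derive_pair():
    """Two independent 32-byte keys from one master secret: same label,
    different per-key context bytes."""
    key_a = export_keying_material(MASTER, C_RANDOM, S_RANDOM, LABEL, 32, b"\x00")
    key_b = export_keying_material(MASTER, C_RANDOM, S_RANDOM, LABEL, 32, b"\x01")
    return key_a, key_b


if __name__ == "__main__":
    for name, key in zip(("key_a", "key_b"), derive_pair()):
        print(name, key.hex())
```

Any party holding the same master secret, randoms, label and context derives the same keys; changing any one of those inputs changes the output.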