First round of my stupid questions about NTS
Gary E. Miller
gem at rellim.com
Sat Jan 19 02:33:22 UTC 2019
Yo Richard!
On Fri, 18 Jan 2019 20:24:15 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:
> On 1/18/19 8:21 PM, Gary E. Miller via devel wrote:
> > Once again: there is no TLS session between NTPD client and NTPD
> > server.
>
> As I quoted, from section 1.2 of draft-ietf-ntp-using-nts-for-ntp-15:
>
> "The client connects to an
> NTS-KE server on the NTS TCP port and the two parties perform a TLS
> handshake. Via the TLS channel, ..."
I know you said that.
You are talking about the NTS-KE to NTPD server connection.
I am talking about the NTPD client to NTPD server connection.
Since they both need to work the same way we need to look at them
at the same time.
> Am I reading the wrong draft?
No, just reading it wrong.
Looked at yet another way, the draft suggests rotating the master key
once a day, same master key on NTS-server and NTPD server. But TLS
uses a new master key every connection.
How do you propose that the NTS-KE (with TLS) and NTPD (without TLS)
server share the same master key for one day using a master key from
ephemeral TLS connections to the NTS-KE?
Can't fit a round peg in the square hole.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin