First round of my stupid questions about NTS

Hal Murray hmurray at megapathdsl.net
Sat Jan 19 03:07:58 UTC 2019


Gary said:
> Once again: there is no TLS session between NTPD client and NTPD server.
> Once again: the NTPD server must generate new keys without TLS.

No, it reuses the old S2C and C2S.  (that it gets from decrypting the cookie)


> We use the algorithm of RFC 5705, but in a context with no TLS.

That doesn't make sense.  RFC 5705 assumes there is a TLS session.


-- 
These are my opinions.  I hate spam.




