First round of my stupid questions about NTS
Richard Laager
rlaager at wiktel.com
Sat Jan 19 03:35:34 UTC 2019
On 1/18/19 8:51 PM, Gary E. Miller via devel wrote:
>> The c2s/s2c pair. Generated *BY* the TLS exchange between the client
>> and the NTS-KE server.
> No, generated *FOR* the key TLS exchange.
This is the main source of your confusion.
The client and NTS-KE server establish a TLS session. The TLS connection
has its own keys created as part of the TLS negotiation. We don't care
about any of those keys directly. They can be managed by the SSL library
doing the encryption for the NTS-KE daemon and you never need to see them.
Then, the NTS-KE daemon asks the SSL library to perform RFC 5705: twice,
once for C2S and once for S2C. It passes the inputs specified in the NTS
protocol. The SSL library, which knows the TLS session's PRF,
master_secret, client_random, and server_random, runs the RFC 5705
algorithm and hands back a key to the NTS-KE daemon. See, for example:
https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html
The client and server independently run this RFC 5705 algorithm in the
same way and, since it is deterministic, each arrive at the same C2S and
S2C, which will be used later for NTP (not NTS-KE) traffic.
The NTS-KE and NTP processes, if separate, share a--completely separate
from all of the above--key "K" which is used to encrypt the cookies they
issue to the client.
--
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190118/d5f0a512/attachment.bin>
More information about the devel
mailing list