The key-management argument
Hal Murray
hmurray at megapathdsl.net
Sat Jan 19 06:22:11 UTC 2019
Eric said:
> I also haven't seen anything yet that relieves my worries about our
> draft-conformant NTS failing to interop with someone else's draft-conformant
> NTS due to varying cookie formats.
Not a problem.
The cookie format is private. Neither client box needs to know anything about
the contents.
One corner case is the initial cookies. There are 2 options.
Case 1: NTS-KE server generates the initial cookies. In this case, it would
need to know the NTP server's master key and the recipe for making cookies.
Case 2: When the NTS-KE server wants new cookies, it asks the NTP server. In
this mode, the NTS-KE server doesn't know anything about the structure of
cookies or the master key. The downside is extra network traffic.
--
These are my opinions. I hate spam.
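
The following sketch is an added example, not code from this post or from the NTPsec tree. It shows two NTP servers with incompatible private cookie layouts serving the same client logic, with the initial cookies produced once per Case 1 and once per Case 2. All names are hypothetical, the sample keys are constructed, and the HMAC-based sealing is a stand-in for the AEAD a real server would use.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode. A real server would use an AEAD.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(master, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(master, nonce, len(plaintext))))
    tag = hmac.new(master, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(master, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(master, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("cookie rejected")
    return bytes(a ^ b for a, b in zip(ct, _keystream(master, nonce, len(ct))))

class NtpServer:
    """Holds the master key and a private cookie layout (pack/unpack)."""
    def __init__(self, pack, unpack):
        self.master, self.pack, self.unpack = os.urandom(32), pack, unpack
    def make_cookie(self, c2s, s2c):
        return seal(self.master, self.pack(c2s, s2c))
    def open_cookie(self, cookie):
        return self.unpack(unseal(self.master, cookie))

# Two constructed, incompatible private layouts: fixed-width binary and JSON.
binary_srv = NtpServer(lambda c, s: c + s, lambda b: (b[:32], b[32:]))
json_srv = NtpServer(lambda c, s: json.dumps([c.hex(), s.hex()]).encode(),
                     lambda b: tuple(bytes.fromhex(x) for x in json.loads(b)))

def ke_case1(master, pack, c2s, s2c, n=8):
    # Case 1: the NTS-KE server holds the master key and the cookie recipe itself.
    return [seal(master, pack(c2s, s2c)) for _ in range(n)]

def ke_case2(ntp_server, c2s, s2c, n=8):
    # Case 2: the NTS-KE server asks the NTP server; this call stands in for a network request.
    return [ntp_server.make_cookie(c2s, s2c) for _ in range(n)]

def client_request(ntp_server, cookie_jar):
    # The client never parses a cookie: it pops one and echoes the bytes back.
    return ntp_server.open_cookie(cookie_jar.pop())
```

In this sketch `ke_case1` needs `master` and `pack` as arguments, while `ke_case2` needs only a handle to the NTP server.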