The key-management argument

Hal Murray hmurray at megapathdsl.net
Sat Jan 19 06:22:11 UTC 2019


Eric said:
> I also haven't seen anything yet that relieves my worries about our
> draft-conformant NTS failing to interop with someone else's draft-conformant
> NTS due to varying cookie formats.

Not a problem.

The cookie format is private.  Neither client box needs to know anything about 
the contents.

One corner case is the initial cookies.  There are 2 options.

Case 1:  NTS-KE server generates the initial cookies.  In this case, it would 
need to know the NTP server's master key and the recipe for making cookies.

Case 2: When the NTS-KE server wants new cookies, it asks the NTP server.  In 
this mode, the NTS-KE server doesn't know anything about the structure of 
cookies or the master key.  The downside is extra network traffic.





-- 
These are my opinions.  I hate spam.
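
The point made in the message above, as an added example that is not part of the original message or of the project's code: two hypothetical NTP servers with different private cookie formats both work with the same client, which only echoes bytes, and the two initial-cookie options appear as `ke_case1` and `ke_case2`. All class and function names are assumptions, and `seal`/`unseal` is a standard-library stand-in for the AEAD a real server would use.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):  # SHA-256 in counter mode, stand-in cipher only
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]
def subkeys(master):
    return [hmac.new(master, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def seal(master, pt):
    # Encrypt-then-MAC stand-in for the AEAD a real server would use.
    ek, mk = subkeys(master)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(master, blob):
    ek, mk = subkeys(master)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cookie was not made with this master key")
    return bytes(a ^ b for a, b in zip(ct, keystream(ek, nonce, len(ct))))

class NtpServerA:
    """Hypothetical format A: body is c2s || s2c, two raw 32-byte keys."""
    def __init__(self): self.master = os.urandom(32)
    def make_cookie(self, c2s, s2c):
        return seal(self.master, c2s + s2c)
    def open_cookie(self, cookie):
        body = unseal(self.master, cookie)
        return body[:32], body[32:]

class NtpServerB(NtpServerA):
    """Hypothetical format B: body is JSON with hex keys (own master key)."""
    def make_cookie(self, c2s, s2c):
        return seal(self.master, json.dumps({"c2s": c2s.hex(), "s2c": s2c.hex()}).encode())
    def open_cookie(self, cookie):
        d = json.loads(unseal(self.master, cookie))
        return bytes.fromhex(d["c2s"]), bytes.fromhex(d["s2c"])

def ke_case1(master, c2s, s2c):
    # Case 1: NTS-KE holds the master key and the recipe (format A here).
    return seal(master, c2s + s2c)
def ke_case2(ntp_server, c2s, s2c):
    # Case 2: NTS-KE asks the NTP server and relays opaque bytes.
    return ntp_server.make_cookie(c2s, s2c)

def client_echo(ntp_server, cookie):
    # The client stores and returns the cookie as opaque bytes, never parsing it.
    return ntp_server.open_cookie(bytes(cookie))
```

In Case 1 the NTS-KE side is tied to one server's recipe and key; in Case 2 the same `ke_case2` call works unchanged against either format.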




