The key-management argument
Hal Murray
hmurray at megapathdsl.net
Sun Jan 20 00:58:19 UTC 2019
> Imagine a server that uses the suggested cookie approach and simply never
> rolls over K. As long as the client daemon is running, its cookies will be
> valid and keep getting renewed. C2S and S2C will never get rolled over.
> Should the client track an expiration limit in memory, and when that limit is
> hit, re-run NTS-KE?
Note that the client keeps using the same C2S and S2C even if the server does
roll over K.
-------
> But there is a middle ground: opportunistic NTS.
The downside of opportunistic X is that it appears to be working but may stop
working without any warning. I think we should avoid it.
--
These are my opinions. I hate spam.
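
Added example, not part of the original message or of any NTS implementation: a small simulation of the cookie scheme discussed above, showing that a server rollover of K only re-wraps the cookie while C2S and S2C stay the same, and that a client-side age limit that re-runs NTS-KE is what replaces them. The `Server`/`Client` classes, `max_key_age`, and the cookie layout are assumptions; the HMAC-based sealing is a toy stand-in for the real AEAD, and NTP packet authentication is left out.

```python
import hashlib, hmac, os

def _stream(k, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); stand-in for a real AEAD.
    blocks = (hmac.new(k, nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class Server:
    def __init__(self):
        self.keys, self.cur = {0: os.urandom(32)}, 0   # master keys K, by key id
    def roll_k(self):
        self.cur += 1
        self.keys[self.cur] = os.urandom(32)           # old K kept to open old cookies
    def seal(self, c2s, s2c):
        k, nonce = self.keys[self.cur], os.urandom(16)
        body = bytes(a ^ b for a, b in zip(c2s + s2c, _stream(k, nonce, 64)))
        tag = hmac.new(k, nonce + body, hashlib.sha256).digest()
        return bytes([self.cur]) + nonce + body + tag  # key id | nonce | body | tag
    def nts_ke(self):
        c2s, s2c = os.urandom(32), os.urandom(32)      # fresh session keys
        return c2s, s2c, self.seal(c2s, s2c)
    def ntp_request(self, cookie):
        kid, nonce, body, tag = cookie[0], cookie[1:17], cookie[17:81], cookie[81:]
        k = self.keys[kid]
        if not hmac.compare_digest(tag, hmac.new(k, nonce + body, hashlib.sha256).digest()):
            raise ValueError("bad cookie")
        keys = bytes(a ^ b for a, b in zip(body, _stream(k, nonce, 64)))
        return self.seal(keys[:32], keys[32:])         # same C2S/S2C, current K

class Client:
    def __init__(self, server, max_key_age):
        self.server, self.max_key_age = server, max_key_age  # hypothetical policy knob
        self.rekey(0)
    def rekey(self, now):
        self.c2s, self.s2c, self.cookie = self.server.nts_ke()
        self.established = now
    def poll(self, now):
        if now - self.established >= self.max_key_age:
            self.rekey(now)                            # only this replaces C2S/S2C
        self.cookie = self.server.ntp_request(self.cookie)

def demo():
    srv = Server()
    cli = Client(srv, max_key_age=86400)               # constructed limit: one day
    first = cli.c2s
    srv.roll_k()
    cli.poll(now=64)
    survived_rollover = cli.c2s == first and cli.cookie[0] == 1
    cli.poll(now=86400)
    return survived_rollover, cli.c2s != first
```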