The key-manahement argument

James Browning jamesb.fe80 at gmail.com
Sun Jan 20 01:48:54 UTC 2019


On Sat, Jan 19, 2019, 4:30 PM Hal Murray via devel <devel at ntpsec.org wrote:

>
> > The NTS-KE servers would have to share NTS master keys (and cookie
> formats!)
> > with volunteer NTP servers.
>
> If you are interested in security, sharing a master key with many servers
> seems like a bad idea - too many opportunities for a leak.  With something
> like the pool where anybody can join (and thus get the key), security is
> no
> longer possible.
>
> There are actually two parts to TLS security.  One is the technical side.
> Can
> the crypto be broken?  Has the secret key leaked?  The other is trust.  Do
> you
> trust the name you are using?  The name you used could be a malicious
> clone of
> a legitimate name: F00 vs FOO.  Or the correct company could be
> untrustworthy.
>
> The pool might be a good way to test NTS code.  I don't see how to get a
> serious level of trust with volunteer effort.
>

"K" could be stored in another field in the database as it has no causal
relation to the TLS keys or c2s/s2c. It would require updating such a field
periodically either from a local process or a remote injection.

I could try to fabricate  a mockup if that would be clearer and/or more
useful.

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190119/d3f93075/attachment.html>


More information about the devel mailing list