ntp.conf changes for NTS

Achim Gratz Stromeko at nexgo.de
Thu Jan 31 21:19:14 UTC 2019


Gary E. Miller via devel writes:
> The C2S and S2C already get reused millions of times, what's a few more
> million?

Both keys should only ever be used by a single client/server pair.
These are symmetric keys, so whoever knows them can encrypt and decrypt
all messages that use them.  So sharing these keys among different
servers would imply trust between them and hopefully we can agree that
different pool servers are in no such relationship.

> But, as you said, the TLS "has" to be renegotiated, so that state is lost
> for the next request.

No, re-keyed -- you specifically want to avoid the TLS renegotiation or
even worse, reconnection.  The session itself stays open.  You could
conceivably just open another connection inside the same session as far
as TLS is concerned.  I don't know which of the two options is more
efficient.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
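
The point about symmetric keys made in the message above, as an added example that is not part of the original post or of any NTP implementation: a Python sketch in which HMAC-SHA256 stands in for the AEAD that NTS uses. The function names, the way the keys are derived from a per-session secret, and the reply text are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def derive_pair_keys(session_secret: bytes) -> dict:
    """Derive separate C2S and S2C keys from one client/server session secret.

    Assumption for this sketch: a keyed hash over a direction label.
    """
    return {
        "C2S": hmac.new(session_secret, b"C2S", hashlib.sha256).digest(),
        "S2C": hmac.new(session_secret, b"S2C", hashlib.sha256).digest(),
    }


def protect(key: bytes, message: bytes) -> bytes:
    """Append an authentication tag computed with the symmetric key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> bool:
    """Return True if the tag on the packet was made with this key."""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def client_accepts(shared_between_servers: bool) -> bool:
    """The client holds keys for server A; server B answers instead.

    Returns whether B's reply passes the client's check.
    """
    keys_a = derive_pair_keys(os.urandom(32))      # client <-> server A
    if shared_between_servers:
        keys_b = keys_a                            # pool servers share keys
    else:
        keys_b = derive_pair_keys(os.urandom(32))  # B has only its own keys
    reply_from_b = protect(keys_b["S2C"], b"constructed time reply from B")
    # The client checks the reply with the S2C key it holds for server A.
    return verify(keys_a["S2C"], reply_from_b)


if __name__ == "__main__":
    print("keys shared across servers, B's reply accepted:", client_accepts(True))
    print("keys per client/server pair, B's reply accepted:", client_accepts(False))
```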


