ntp.conf changes for NTS

[Achim Gratz]

Gary E. Miller via devel writes:
> The C2S and S2C already get reused millions of times, what's a few more
> million?

Both keys should only ever be used by a single client/server pair.
These are symmetric keys, so whoever knows them can encrypt and decrypt
all messages that use them.  So sharing these keys among different
servers would imply trust between them and hopefully we can agree that
different pool servers are in no such relationship.

> But, as you said, the TLS "has" to be renogotiated, so that state is lost
> for the next request.

No, re-keyed -- you specifically want to avoid the TLS renegotiation or
even worse, reconnection.  The session itself stays open.  You could
conceivably just open another connection inside the same session as far
as TLS is concerned.  I don't know which of the two options is more
efficient.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds