What's left to do on NTS

Hal Murray hmurray at megapathdsl.net
Wed Mar 6 08:33:29 UTC 2019


dfoxfranke at gmail.com said:
> The intended design for running NTS with pool servers is that only the pool
> operator runs an NTS-KE server. The NTS-KE server then picks an NTS-enabled
> NTP server out of the pool and serves you an appropriate NTPv4 Server
> Negotiation Record. Individual server operators, on a one-time basis,
> establish a shared secret with the pool operator out-of-band; this secret is
> used as the master key for creating and decrypting cookies.

It's amazing what you see when you start actually writing code.

For that description to work, both the NTS-KE server and the NTP server have 
to use the same cookie recipe and same new key recipe.

Section 6 is "Suggested Format for NTS Cookies".  "Suggested" isn't strong 
enough for interoperability.  The key rotation recipe is in there too.



-- 
These are my opinions.  I hate spam.




