What's left to doo on NTS
Daniel Franke
dfoxfranke at gmail.com
Wed Mar 6 12:06:08 UTC 2019
On Wed, Mar 6, 2019, 03:33 Hal Murray <hmurray at megapathdsl.net> wrote:
>
> dfoxfranke at gmail.com said:
> > The intended design for running NTS with pool servers is that only the
> pool
> > operator runs an NTS-KE server. The NTS-KE server then picks an
> NTS-enabled
> > NTP server out of the pool and serves you an appropriate NTPv4 Server
> > Negotiation Record. Individual server operators, on a one-time basis,
> > establish a shared secret with the pool operator out-of-band; this
> secret is
> > used as the master key for creating and decrypting cookies.
>
> It's amazing what you see when you start actually writing code.
>
> For that description to work, both the NTS-KE server and the NTP server
> have
> to use the same cookie recipe and same new key recipe.
>
> Section 6 is "Suggested Format for NTS Cookies" "Suggested" isn't strong
> enough for interoperability. The key rotation recipe is in there too.
>
That's correct: ensuring interop between differing implementations of the
NTS-KE server and the NTP server is outside the scope of this document.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190306/f7455d7e/attachment.html>
More information about the devel
mailing list