Tangle - cookie keys file

Achim Gratz Stromeko at nexgo.de
Thu Mar 7 20:13:47 UTC 2019


Hal Murray via devel writes:
> They are needed to use old cookies after restarting ntpd.

I'd not go there.  If you do a cold restart, you lose the cryptographic
state, end of story.  Now, doing a warm restart that doesn't lose all
state is something that's useful independent of the topics around NTS,
but it would likely solve this problem, too.

> A side benefit is that it enables something like a KE server for a pool.

I don't think so either.  You will have to have a key per NTS-KE to NTS
pairing.  You don't want to persist keys to disk, not in unencrypted
form anyway…  which ends up requiring some sort of an extra layer of key
management just for the persisted keys that has to come from somewhere
else.  Both ends of that association will need to have TLS certificates
anyway, so I still think that the most useful way to create keys is via
the TLS session facilities.  Persisting TLS sessions is a thing, but
again the problem of storing the requisite data (session identifiers or
tickets) rears its head.  But at least this data is useless on a
different machine due to failing the certificate check.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds


