Tangle - cookie keys file
Gary E. Miller
gem at rellim.com
Fri Mar 8 06:45:47 UTC 2019
Yo Hal!
On Thu, 07 Mar 2019 22:39:12 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> > I can't find that in the Proposed RFC. Got a citation?
>
> Bottom of page 21. Last paragraph of section 5.
Ah, there it is:
"To allow for NTP session restart when the NTS-KE server is
unavailable and to reduce NTS-KE server load, the client SHOULD keep
at least one unused but recent cookie, AEAD keys, negotiated AEAD
algorithm, and other necessary parameters on persistent storage."
I guess the client should save cookies when it gets them. Or
batch them over 64 seconds.
> > And what is the point of storing cookies and K/I pair together?
> > The client has no K/I pair. A server is to regenerate the cookies
> > from K/I pairs. Mixing the roles is bad.
>
> I didn't say anything about "together".
Good. Then we agree they are separate files.
> Mixing the roles doesn't even make sense. The K/I on a system are
> for cookies that clients might use to talk to this server. The
> cookies that should get saved are for use when talking to remote
> servers.
Good, then we agree.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
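
The client-side storage the quoted RFC paragraph asks for, as an added example that is not part of the original message and is not NTPsec code. The JSON layout, function names and server name are hypothetical; the file holds only client state (cookies, C2S/S2C keys, negotiated AEAD algorithm) and is kept separate from any server K/I file.

```python
import json, os, stat, tempfile

AEAD_AES_SIV_CMAC_256 = 15  # IANA AEAD algorithm number

def save_state(path, state):
    """Atomically replace the client state file; mkstemp creates it mode 0600."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".nts-client-")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())  # data is on disk before the rename
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def load_state(path):
    """Load client state, refusing a file that group or others can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} holds AEAD keys but is mode {oct(mode & 0o777)}")
    with open(path) as f:
        return json.load(f)

def new_state(server, aead_id, c2s, s2c, cookies):
    """Bundle what the quoted paragraph lists: cookies, AEAD keys, algorithm."""
    return {"server": server, "aead": aead_id, "c2s": c2s.hex(),
            "s2c": s2c.hex(), "cookies": [c.hex() for c in cookies]}

def take_cookie(path):
    """Return the most recent stored cookie, or None if NTS-KE must be rerun.

    The cookie is removed from disk before it is returned, so a crash and
    restart cannot hand out a cookie that was already used.
    """
    state = load_state(path)
    if not state["cookies"]:
        return None
    cookie = state["cookies"].pop()  # newest cookie is last in the list
    save_state(path, state)
    return bytes.fromhex(cookie)
```
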