NTS update

Hal Murray hmurray at megapathdsl.net
Wed Mar 20 19:10:25 UTC 2019


Gary said:
> I'm waiting for Gentoo to have the required openssl version.

It should work -- unless Gentoo is using something really pre-historic.  There 
are a handful of #ifdef-s to handle old versions.  NetBSD 8 ships with 1.0.2k. 
 I test that.  It builds on 1.0.1, but I'd have to check to see how much 
testing I've done with that.

The only potentially interesting quirk I know about is that older versions 
don't support ALPN which the draft says is REQUIRED.  But nobody uses that 
yet, so...

[New cookie timer set to an hour rather than a day.]
> What I am worried about is inrush to the NTS-KE server.
> ...

No problem.  Old cookies work for another cycle.  So if the polling interval 
is faster than 3600/8 they work without any extra NTS-KE.

The hour is only a hack for debugging.  We will set it to a day before 
release.  (or sooner if the log clutter gets too annoying and/or I'm convinced 
everything is working)


-- 
These are my opinions.  I hate spam.
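
The 3600/8 figure above can be checked with a small simulation. This is an added example, not part of the original mail and not NTPsec code. It assumes a simplified model: the client holds 8 cookies in a FIFO, spends the oldest on each poll and gets one fresh cookie back, and the server accepts cookies made under its current or previous key; all function names are hypothetical.

```python
from collections import deque

ROTATION = 3600   # seconds between server key rotations (the debugging value in the mail)
COOKIES = 8       # cookies the client holds (the 8 in "3600/8"); assumed FIFO


def key_epoch(t, rotation=ROTATION):
    """Index of the server key in use at time t (assumed fixed-period rotation)."""
    return int(t // rotation)


def cookie_ok(cookie_epoch, now, rotation=ROTATION):
    """Accept a cookie made under the current key or the one before it."""
    return 0 <= key_epoch(now, rotation) - cookie_epoch <= 1


def extra_nts_ke(poll, duration, rotation=ROTATION, start=0):
    """Count NTS-KE runs needed after the initial one.

    poll, duration, rotation and start are integer seconds. A rejected
    cookie is modelled as: drop the store and redo NTS-KE (assumption).
    """
    store = deque([key_epoch(start, rotation)] * COOKIES)  # initial NTS-KE
    rekeys = 0
    t = start + poll
    while t <= start + duration:
        cookie = store.popleft()            # spend the oldest cookie
        if cookie_ok(cookie, t, rotation):
            store.append(key_epoch(t, rotation))   # server returns a fresh one
        else:
            rekeys += 1                     # cookie too old: back to NTS-KE
            store = deque([key_epoch(t, rotation)] * COOKIES)
        t += poll
    return rekeys


if __name__ == "__main__":
    day = 86400
    for poll in (64, 450, 512, 1024):
        print(f"poll {poll:5d}s, hourly keys: {extra_nts_ke(poll, day)} extra NTS-KE per day")
    print(f"poll  1024s, daily keys: {extra_nts_ke(1024, 7 * day, rotation=day)} extra NTS-KE per week")
```

In this model the oldest cookie in the store is 8 polls old when it is spent, so it is always accepted as long as 8 times the polling interval does not exceed one rotation period.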




