NTS update
Gary E. Miller
gem at rellim.com
Wed Mar 20 22:42:49 UTC 2019
Yo Hal!
On Wed, 20 Mar 2019 15:22:33 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:
> Gary said:
> > Only if you figure out how to not have a huge daily rush to rekey.
>
> Under normal conditions, there is never any need to rekey.
We've gone around on that many times before. We disagree.
Using the same master key (with a ratchet) will eventually give the
attacker enough data to crack it. Maybe a long, long, time, but in
crypto a long, long, time always comes much sooner than expected.
> The server holds 2 cookie keys. When it makes a new key, the current
> key gets moved to the old key and the previous old key is lost.
So no ratchet? That would then be a rekey. A rekey not needing the
NTS-KE.
> Cookies using either the new or old key will work. When the client
> uses an old key, it gets back a new key. So as long as the client
> polling interval is fast enough, it gets new keys while all its old
> keys still work.
What does the spec say for the client to do with the old cookie
when it gets a new cookie?
> The keys are saved on disk so you can restart the server without
> rekey problems.
I guess we have to assume the NTPD host is secure...
> > Ah, Gentoo unstable updated to openssl 1.1.0j on March 6th.
> > Do I need any change in basic NTPsec build?
>
> It should just build and work.
I'll try it.
> The server ask, require, expire, cert, and ca options are not
> implemented.
Eventually.
> I wanted the ca option, but it's not simple to implement. I'll have
> to think about it.
Yeah, little is easy with openssl...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
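An added illustration of the two-key cookie scheme Hal describes (not code from this thread or from NTPsec): the server keeps a current and an old master key, accepts cookies under either, and always hands back a cookie under the current key, so a client that polls often enough never needs NTS-KE again. It assumes 32-byte c2s/s2c keys and uses HMAC-SHA256 authentication as a stand-in for the AEAD-encrypted cookies of the real protocol; `client_keeps_up` counts rotations between polls to show the "polling interval fast enough" condition.

```python
import hmac, hashlib, os, struct

TAG_LEN = 32   # HMAC-SHA256 tag length
KEY_LEN = 32   # assumed length of the c2s / s2c keys carried in a cookie


class CookieServer:
    """Toy server holding a current and an old cookie master key.
    Stand-in: cookies are HMAC-authenticated here, not AEAD-encrypted."""

    def __init__(self):
        self.current_id = 0
        self.old_id = None
        self.keys = {0: os.urandom(32)}  # key_id -> master key

    def rotate(self):
        """New key: current becomes old, the previous old key is discarded."""
        self.old_id, self.current_id = self.current_id, self.current_id + 1
        self.keys = {self.old_id: self.keys[self.old_id], self.current_id: os.urandom(32)}

    def make_cookie(self, c2s, s2c):
        """Cookie = key_id || c2s || s2c || tag, always under the current key."""
        body = struct.pack(">I", self.current_id) + c2s + s2c
        return body + hmac.new(self.keys[self.current_id], body, hashlib.sha256).digest()

    def unpack_cookie(self, cookie):
        """Return (key_id, c2s, s2c) if the cookie verifies under current or old key."""
        if len(cookie) != 4 + 2 * KEY_LEN + TAG_LEN:
            return None
        body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
        key_id = struct.unpack(">I", body[:4])[0]
        key = self.keys.get(key_id)
        if key is None or not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
            return None
        return key_id, body[4:4 + KEY_LEN], body[4 + KEY_LEN:4 + 2 * KEY_LEN]

    def handle_request(self, cookie):
        """Accept a cookie under either key and answer with a fresh cookie under the
        current key. None means NAK: the client has to go back to NTS-KE."""
        parsed = self.unpack_cookie(cookie)
        if parsed is None:
            return None
        _, c2s, s2c = parsed
        return self.make_cookie(c2s, s2c)


def client_keeps_up(rotations, poll_every):
    """Does a client polling once every `poll_every` rotations keep a usable cookie?"""
    srv = CookieServer()
    cookie = srv.make_cookie(b"\x01" * KEY_LEN, b"\x02" * KEY_LEN)  # constructed keys
    for r in range(1, rotations + 1):
        srv.rotate()
        if r % poll_every == 0:
            cookie = srv.handle_request(cookie)
            if cookie is None:  # old key already gone: the client missed the window
                return False
    return srv.unpack_cookie(cookie) is not None
```

With only two keys live, a client must poll at least once per key lifetime; polling every other rotation loses the cookie and forces a fresh NTS-KE.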