NTS update
Hal Murray
hmurray at megapathdsl.net
Wed Mar 20 23:00:55 UTC 2019
Gary said:
>>> Only if you figure out how to not have a huge daily rush to rekey.
>> Under normal conditions, there is never any need to rekey.
> We've gone around on that many times before. We disagree.
> Using the same master key (with a ratchet) will eventually give the attacker
> enought data to crack it. Maybe a long, long, time, but in crypto a long,
> long, time always cmoes much sooner than expected.
We've got word troubles here. I was using "rekey" in the sense of using
NTS-KE to get new cookies since that seemed to be what you used it for.
If you want to have a discussion about ratchet, we can do that. Please start
a new thread. The crypto details are above my pay grade. The current code
uses random, but I think the code is setup so it would be easy to switch to
ratchet.
> So no ratchet? That would then be a rekey. A rekey not needing the NTS-KE.
The client doesn't know anything about ratchet or anything else about the
cookies.
As long as the old cookies on the client are used in NTP packets soon enough
and hence traded in for new cookies, there is no need for a NTS-KE type rekey.
--
These are my opinions. I hate spam.
More information about the devel
mailing list