NTS update
Gary E. Miller
gem at rellim.com
Wed Mar 20 23:05:35 UTC 2019
Yo Hal!
On Wed, 20 Mar 2019 16:00:55 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:
> Gary said:
> >>> Only if you figure out how to not have a huge daily rush to
> >>> rekey.
> >> Under normal conditions, there is never any need to rekey.
> > We've gone around on that many times before. We disagree.
> > Using the same master key (with a ratchet) will eventually give the
> > attacker enough data to crack it. Maybe a long, long, time, but
> > in crypto a long, long, time always comes much sooner than
> > expected.
>
> We've got word troubles here. I was using "rekey" in the sense of
> using NTS-KE to get new cookies since that seemed to be what you used
> it for.
But the NTS-KE master key (K) has to match the NTPD master key (K).
So they are one and the same effect.
So we likely need a lexicon, an issue brought up before...
> If you want to have a discussion about ratchet, we can do that.
> Please start a new thread. The crypto details are above my pay
> grade. The current code uses random, but I think the code is setup
> so it would be easy to switch to ratchet.
Not gonna open that can of worms as long as you use random keys
changed "often".
> > So no ratchet? That would then be a rekey. A rekey not needing
> > the NTS-KE.
>
> The client doesn't know anything about ratchet or anything else about
> the cookies.
Yup.
> As long as the old cookies on the client are used in NTP packets soon
> enough and hence traded in for new cookies, there is no need for a
> NTS-KE type rekey.
Yeah, I had missed that. So I agree your concept looks good so far.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
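The cookie-refresh argument in Hal's last quoted paragraph, as an added, constructed Python model (not NTPsec code): the server seals cookies under a random master key that it rotates, keeps only the last few keys, and hands back a fresh cookie on every NTP exchange, so a client that polls regularly never needs another NTS-KE run, while a client that stays idle past the retained-key window gets a NAK and must re-run NTS-KE. Assumptions, all mine: an HMAC seal stands in for the AEAD cookie encryption, three retained keys, and eight cookies per NTS-KE.

```python
import hmac, hashlib, os
from collections import deque

class NtsServer:
    """Constructed model: cookies are sealed under a rotating random master
    key; only the current key and KEEP-1 predecessors are still accepted."""
    KEEP = 3  # assumed retention window (current key plus two predecessors)

    def __init__(self):
        self.keys = deque()  # (key_id, key), newest first
        self.next_id = 0
        self.rotate()

    def rotate(self):
        # Fresh random master key ("random, changed often"), oldest key dropped.
        self.keys.appendleft((self.next_id, os.urandom(32)))
        self.next_id += 1
        while len(self.keys) > self.KEEP:
            self.keys.pop()

    def _seal(self, session):
        key_id, key = self.keys[0]
        tag = hmac.new(key, session, hashlib.sha256).digest()
        return key_id.to_bytes(4, "big") + tag + session  # key id | tag | payload

    def nts_ke(self):
        """NTS-KE: agree session material and hand out the initial cookies."""
        session = os.urandom(16)
        return [self._seal(session) for _ in range(8)]

    def ntp_request(self, cookie):
        """NTP exchange: return a fresh cookie, or None (NAK) if the cookie's key is gone."""
        key_id = int.from_bytes(cookie[:4], "big")
        tag, session = cookie[4:36], cookie[36:]
        for kid, key in self.keys:
            if kid == key_id:
                expect = hmac.new(key, session, hashlib.sha256).digest()
                return self._seal(session) if hmac.compare_digest(tag, expect) else None
        return None  # key id no longer retained: client must re-run NTS-KE

def simulate(poll_each_rotation, rotations):
    """Run NTS-KE once, rotate the master key `rotations` times, then poll."""
    server = NtsServer()
    cookies = server.nts_ke()
    for _ in range(rotations):
        server.rotate()
        if poll_each_rotation:  # old cookie used soon enough, traded for a new one
            fresh = server.ntp_request(cookies.pop())
            if fresh is None:
                return "NAK"
            cookies.append(fresh)
    return "ok" if server.ntp_request(cookies.pop()) else "NAK"
```

A regularly polling client survives any number of rotations; an idle client's cookies die once their key id falls out of the retained window.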