<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 1/17/19 2:00 PM, Eric S. Raymond
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20190117200020.GB29765@thyrsus.com">
<pre class="moz-quote-pre" wrap="">Ian Bruene via devel <a class="moz-txt-link-rfc2396E" href="mailto:devel@ntpsec.org">&lt;devel@ntpsec.org&gt;</a>:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Charlie requests a master key (and possibly initial cookies) daily
from Delta.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Cookies wouldn't be part of that. For a start "once a day" would have the
cookies up to tens of thousands of packets out of date (assuming a packet
every second for a client that joined just after the last NTPD-NTS sync).
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Then what's *your* explanation for "We could also send the initial
cookies over that channel so that only NTP-server knows the cookie
format."
</pre>
</blockquote>
<br>
I don't know.<br>
<br>
If initial cookies need to be transferred it needs to happen right
after the key exchange.<br>
<br>
However I don't know any reason to transfer initial cookies: NTPD
and NTS-KE already know the cookie format or they can't work
together at all. And all the relevant data from a cookie is accessed
by decrypting it with the master key.<br>
<br>
<div class="moz-signature">-- <br>
<i>"In the end; what separates a Man, from a Slave? Money? Power?
No. A Man Chooses, a Slave Obeys."</i> -- Andrew Ryan
<p>
<i>"Utopia cannot precede the Utopian.
It will exist the moment we are fit to occupy it."</i> --
Sophia Lamb
</p>
<p>
I work for the <a href="https://icei.org/">Internet Civil
Engineering Institute</a>, help us save the Internet from
Entropy!
</p>
</div>
</body>
</html>