<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
Someone wondered what the changes in draft 16 were. Aside from date
update miscellanea, the only change is in section 9.3.<br>
<br>
This paragraph:<br>
<pre class="newpage"> Do not process time packets from servers if the time computed from
them falls outside the validity period of the server's
certificate. However, clients should not perform a new NTS-KE
handshake solely based on the fact that the certificate used by
the NTS-KE server in a previous handshake has expired, if the
client has previously received valid NTS protected NTP replies
that lay within the certificate's validity time.
</pre>
<br>
Was changed to this:<br>
<pre class="newpage"> NTP time replies are expected to be consistent with the NTS-KE TLS
certificate validity period, i.e. time replies received
immediately after an NTS-KE handshake are expected to lie within
the certificate validity period. Implementations are recommended
to check that this is the case. Performing a new NTS-KE handshake
based solely on the fact that the certificate used by the NTS-KE
server in a previous handshake has expired is normally not
necessary. Clients that still wish to do this must take care not
to cause an inadvertent denial-of-service attack on the NTS-KE
server, for example by picking a random time in the week preceding
certificate expiry to perform the new handshake.
</pre>
<br>
<div class="moz-signature">-- <br>
<i>"In the end; what separates a Man, from a Slave? Money? Power?
No. A Man Chooses, a Slave Obeys."</i> -- Andrew Ryan
<p>
<i>"Utopia cannot precede the Utopian.
It will exist the moment we are fit to occupy it."</i> --
Sophia Lamb
</p>
<p>
I work for the <a href="https://icei.org/">Internet Civil
Engineering Institute</a>, help us save the Internet from
Entropy!
</p>
</div>
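<p>
Added example, not part of the original message or of the draft: one way a client could implement the two behaviours the revised paragraph describes, checking that a time reply lies within the NTS-KE certificate validity period and picking a random instant in the week preceding expiry for an optional new handshake. The function names, the clamping of the window to the current time and to the certificate lifetime, and the sample dates are assumptions made for illustration.
</p>
<pre>
```python
import random
from datetime import datetime, timedelta, timezone

WEEK = timedelta(days=7)  # "the week preceding certificate expiry"


def reply_within_validity(reply_time, not_before, not_after):
    """True when the time carried by an NTS-protected reply lies inside the
    validity period of the certificate used in the NTS-KE handshake.
    The reply's own time is used because the local clock may be unset."""
    return not_after >= reply_time >= not_before


def schedule_rehandshake(not_before, not_after, now, rng=None):
    """Pick a uniformly random instant in the week before expiry.

    Spreading clients across the week keeps them from all reconnecting to
    the NTS-KE server at the moment of expiry. The window is clamped
    (assumption) so it never starts before `now` or before the certificate
    became valid. Returns None when no window is left; expiry alone is
    normally not a reason to handshake again.
    """
    rng = rng or random.SystemRandom()
    window_start = max(not_after - WEEK, not_before, now)
    if window_start >= not_after:
        return None
    span = (not_after - window_start).total_seconds()
    return window_start + timedelta(seconds=rng.uniform(0, span))


if __name__ == "__main__":
    utc = timezone.utc
    # Constructed sample certificate lifetime and reply times.
    not_before = datetime(2019, 1, 1, tzinfo=utc)
    not_after = datetime(2019, 4, 1, tzinfo=utc)
    for reply in (datetime(2019, 2, 1, tzinfo=utc),
                  datetime(2019, 4, 2, tzinfo=utc)):
        ok = reply_within_validity(reply, not_before, not_after)
        print(reply.isoformat(), "consistent" if ok else "outside validity")
    now = datetime(2019, 1, 15, tzinfo=utc)
    print("rehandshake at", schedule_rehandshake(not_before, not_after, now))
```
</pre>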
</body>
</html>