[Git][NTPsec/ntpsec][master] Change NTS cookie rotation to 24 hours
Hal Murray
gitlab at mg.gitlab.com
Sat Aug 24 09:04:36 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
ec994078 by Hal Murray at 2019-08-24T08:23:01Z
Change NTS cookie rotation to 24 hours
It used to be an hour. That allowed testing of recovery
from cookies with stale keys.
- - - - -
2 changed files:
- NEWS
- ntpd/nts_cookie.c
Changes:
=====================================
NEWS
=====================================
@@ -24,6 +24,9 @@ vendor having utterly vanished from the face of the earth.
The NTS ALPN negotiation sequence has been modified for improved
interoperability with orther NTS implementations.
+NTS key rotation now happens every 24 hours. It used to rotate
+every hour to enable testing of recovery from stale cookies.
+
== 2019-07-10: 1.1.6 ==
Fixes to code quality checks.
=====================================
ntpd/nts_cookie.c
=====================================
@@ -131,9 +131,11 @@ bool nts_cookie_init2(void) {
* That allows a cluster NTS-KE server to keep in sync
* if we use ratchet rather than random.
*/
-// #define SecondsPerDay 86400 FIXME
-// Shorter for debugging
-#define SecondsPerDay 3600
+#define SecondsPerDay (24*60*60)
+// Set this shorter for debugging
+// keys will timeout, packets will get dropped
+// after 8 lost packets, it should go through the NTS-KE dance again
+// #define SecondsPerDay 3600
void nts_timer(void) {
time_t now;
if (0 == K_time) {
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/ec9940786b073ccaae184996047d723d3726abc2
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/ec9940786b073ccaae184996047d723d3726abc2
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190824/4a4037f0/attachment-0001.htm>
More information about the vc
mailing list