[Git][NTPsec/ntpsec][master] Typos and encrypt new cookies.

Hal Murray gitlab at mg.gitlab.com
Mon Jan 14 11:43:48 UTC 2019


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
7a5a9e37 by Hal Murray at 2019-01-14T11:43:11Z
Typos and encrypt new cookies.

- - - - -


1 changed file:

- devel/nts.adoc


Changes:

=====================================
devel/nts.adoc
=====================================
@@ -27,7 +27,9 @@ Thus cookies are only used once.  Each NTP response returns
 a new encrypted cookie.
 
 NTS should not assist DDoS amplification.  All NTP responses
-are the same length as the request.
+are the same length as the request.  This means that some
+fields are padded to match the length of the response that
+will replace them.
 
 == System Partitioning ==
 
@@ -76,12 +78,13 @@ If all goes well (no lost packets) the client sends:
   Authentication using C2S 5.6
 It gets back the same, with the cookie replaced with a new cookie
 and S2C used for authentication.
+New cookies are encrypted with S2C.  Pg 20
 
 All the extra data is in real NTP extensions.  (No more of
-the magic length kludgery for the curret shared key authentication.)
+the magic length kludgery for the current shared key authentication.)
 
 If packets (and hence cookies) are lost, the client will include
-a cookie-placeholder for each cookie it wants.  5.5
+a cookie-placeholder for each extra cookie it wants.  5.5
 Those slots will be returned with new cookies.
 
 The AEAD algorithm is setup to encrypt some data as well as authenticate.



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/7a5a9e3750f54d9e06da6ab62b829f8d6016fe5a

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/7a5a9e3750f54d9e06da6ab62b829f8d6016fe5a
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190114/091a0312/attachment.html>


More information about the vc mailing list