Gary said:
> The client does not update his cookie(s), he just asks the NTS-KE for new
> ones when the NTPD NAKs the one he has been using. 

Not quite.  An important idea is that cookies are only used once.  That 
prevents bad guys from tracking you.

In the normal case, the client sends a cookie and gets back an encrypted 
cookie.

The client starts with 8 cookies.  If a packet gets lost, the next request 
includes a single cookie-please slot.  The server returns an extra cookie so 
the client is back to 8.  The cookie-please slot has the same length as a 
cookie slot so you can't use cookie-please as an amplifier.  If more than 1 
packet has been lost, more than one cookie-please slot can be sent.

If 8 packets are lost, the client has to go through NTS-KE again.



-- 
These are my opinions.  I hate spam.



_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
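
The cookie accounting described in the message above, as an added Python simulation that is not part of the original post and is not NTPsec code. `Server`, `Client`, `poll` and the cookie strings are hypothetical names, and a lost exchange is modelled simply as the client receiving no reply.

```python
POOL_SIZE = 8  # cookies the client holds after NTS-KE (figure from the message)

class Server:
    """Constructed stand-in for both NTS-KE and the NTP server."""
    def __init__(self):
        self.serial = 0

    def fresh(self, count):
        # Real cookies are opaque encrypted blobs; strings are enough here.
        start, self.serial = self.serial, self.serial + count
        return [f"cookie-{n}" for n in range(start + 1, start + count + 1)]

class Client:
    def __init__(self, server):
        self.server, self.ke_runs, self.spent = server, 0, set()
        self.run_ke()

    def run_ke(self):
        self.pool = self.server.fresh(POOL_SIZE)
        self.ke_runs += 1

    def poll(self, lost=False):
        """One NTP exchange; returns (slots sent, cookies received, pool size)."""
        if not self.pool:              # all 8 cookies burned without a reply
            self.run_ke()
        cookie = self.pool.pop(0)
        if cookie in self.spent:       # a cookie is never sent twice
            raise RuntimeError("cookie reuse")
        self.spent.add(cookie)
        # One cookie-please slot per cookie missing from the pool.
        please = POOL_SIZE - len(self.pool) - 1
        sent = 1 + please
        received = 0
        if not lost:
            # Server returns one cookie per slot in the request, so the
            # reply carries no more cookie data than the request did.
            new = self.server.fresh(sent)
            received = len(new)
            self.pool.extend(new)
        return sent, received, len(self.pool)

if __name__ == "__main__":
    c = Client(Server())
    for lost in (False, True, False, True, True, False):
        print("lost" if lost else "ok  ", c.poll(lost))
```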
