> It is actually allowed to re-use cookies, specifically if it wants to avoid
> that re-keying. Whether that's a good idea is debatable, but the server
> doesn't know either way and the decision is up to the client.

Right. I think we should make a "no reuse" decision. We want that option for no-tracking. We can't just keep reusing the first cookie we get since the master key will get updated occasionally.

Next time somebody is editing, please add a no-reuse note at the bottom.

> BTW, the number eight is not arbitrary: that is exactly the number of packets
> a burst poll would use.

The normal case is that the client gets back a response before it sends the next request in the burst, so it only needs 1 cookie to start with.

-- 
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
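
The no-reuse policy discussed in this thread, sketched as an added example (not ntpsec code and not code from the thread). The class and function names are hypothetical, the cookies are constructed labels, and the simulated server is assumed to return one new cookie per answered request.

```python
from collections import deque


class CookiesExhausted(Exception):
    """No unused cookie is left; a no-reuse client must redo key exchange."""


class NoReuseCookieJar:
    """Client-side cookie pool in which every cookie is sent at most once."""

    def __init__(self, initial, capacity=8):
        # capacity 8 matches the burst size mentioned in the thread.
        # When full, deque(maxlen=...) drops the oldest cookie, which is the
        # one most likely to predate a server master-key update.
        self._fresh = deque(initial, maxlen=capacity)
        self._spent = set()

    def __len__(self):
        return len(self._fresh)

    def take(self):
        """Return a never-used cookie, or raise instead of reusing one."""
        if not self._fresh:
            raise CookiesExhausted("no fresh cookies; re-run key exchange")
        cookie = self._fresh.popleft()
        self._spent.add(cookie)
        return cookie

    def store(self, cookie):
        """Keep a cookie from a reply unless it was already sent or is held."""
        if cookie in self._spent or cookie in self._fresh:
            return False
        self._fresh.append(cookie)
        return True


def run_burst(jar, polls=8, lost=frozenset()):
    """Send `polls` requests in sequence; replies to indices in `lost` never arrive.

    Assumption: the simulated server returns one new cookie per answered
    request. Cookie values are constructed labels, not real cookies.
    """
    sent = []
    for i in range(polls):
        sent.append(jar.take())
        if i not in lost:
            jar.store(f"reply-cookie-{i}")
    return sent
```

Starting from a single cookie, an eight-packet burst completes when every reply arrives before the next request, but one lost reply empties the jar and forces a new key exchange. A jar that starts with eight cookies gets through the whole burst even if every reply is lost.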