Hal Murray via devel writes:
>> While I don't know what the rationale was for the RFC, it still makes sense
>> to provide a client with enough cookies so it can fire off the initial burst
>> w/o re-keying even if all responses get lost.
>
> The NTS-KE section has a SHOULD return 8 keys, but only 1 is required.

An RFC has very specific language (it's explained at the start). "SHOULD" in all caps in this case essentially means that NTS-KE is strongly expected to serve 8 initial cookies, but a client must not fail if it doesn't. That's not a pass for implementing an NTS-KE which generally delivers only a single cookie or some other number below eight. Again, there likely is a rationale for not choosing MUST (e.g. for specific use scenarios inside a datacenter, or maybe IoT applications like metering), maybe Daniel could explain.

Regards,
Achim.
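
The SHOULD/required distinction discussed in this message, as an added example that is not part of the original post or of NTPsec's code: a client-side check that counts the New Cookie records in an NTS-KE response, accepts anything from one cookie up, and flags fewer than eight as a deviation. The record layout and type numbers are taken from RFC 8915; the function names and the sample responses are constructed for illustration.

```python
import struct

# Record types as defined in RFC 8915 (assumption: not quoted in the post itself).
END_OF_MESSAGE = 0
NEW_COOKIE_NTPV4 = 5
EXPECTED_COOKIES = 8   # the "SHOULD" quantity discussed above
REQUIRED_COOKIES = 1   # the minimum a client can work with


def record(rtype, body=b"", critical=False):
    """Build one NTS-KE record: critical bit + 15-bit type, 16-bit length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body


def extract_cookies(response):
    """Return the New Cookie bodies from an NTS-KE response, in order."""
    cookies, offset = [], 0
    while offset < len(response):
        if offset + 4 > len(response):
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", response, offset)
        offset += 4
        if offset + length > len(response):
            raise ValueError("truncated record body")
        rtype = head & 0x7FFF          # mask off the critical bit
        if rtype == END_OF_MESSAGE:
            return cookies
        if rtype == NEW_COOKIE_NTPV4:
            cookies.append(response[offset:offset + length])
        offset += length               # other record types are skipped here
    raise ValueError("missing End of Message record")


def assess(response):
    """Classify a response: 'fail' (no cookie), 'degraded' (1..7), 'ok' (8+)."""
    n = len(extract_cookies(response))
    if n < REQUIRED_COOKIES:
        return "fail", n
    return ("ok" if n >= EXPECTED_COOKIES else "degraded"), n


def sample_response(n_cookies):
    """Constructed sample: n opaque 16-byte cookies, then End of Message."""
    body = b"".join(record(NEW_COOKIE_NTPV4, bytes([i]) * 16) for i in range(n_cookies))
    return body + record(END_OF_MESSAGE, critical=True)
```

A "degraded" result is worth logging on the client side: the association still works, but the client has fewer spare cookies to absorb lost responses before it has to re-key.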