On 1/19/19 5:42 PM, Hal Murray via devel wrote:
>
> I asked on the IETF NTP list.
>
> [email protected] said:
>> On Sat, Jan 19, 2019 at 6:23 AM Hal Murray <[email protected]> wrote:
>>> Is that number so large for the algorithms we will use that we don't have to
>>> consider it? Assume the client is sending 1 packet per second... If the
>>> answer is over 100 years, I'm happy.
>> The recommendation for AES-SIV is to encrypt no more than 2**48 messages
>> under the same key. At one message per second that's almost 9 million years.
>> If you (unwisely) use AES-GCM instead, where the recommended limit is 2**32
>> messages, that's still 136 years.

So enforcing key rollover isn't a concern. The recommended server key rotation is primarily about forward secrecy then, I presume.

-- 
Richard
