Yo Hal! On Wed, 20 Mar 2019 16:53:05 -0700 Hal Murray via devel <devel@ntpsec.org> wrote:
> >> As long as the old cookies on the client are used in NTP packets
> >> soon enough and hence traded in for new cookies, there is no need
> >> for a NTS-KE type rekey.
>
> > Yeah, I had missed that. So I agree your concept looks good so
> > far.
>
> Not my concept. Straight out of the book. (draft?)
No, the draft suggest s ratchet. You are not doing a ratchet.
> > But the NTS-KE master key (K) has to match the NTPD master key (K).
> > So they are one and the same effect.
>
> That's easy when they are running in the same process.
And hard when we have to go beyond that. Remember the use case is
one NTS-KE to many NTPD.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpbgnMdoYDql.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
