Sharon Goldberg writes: ...
> We believe the NTS KE can be modified to authenticate timing messages
> sent in parallel with the KE. Note that this must be done *without*
> requiring these initial timing messages to be MAC'd, since before the
> KE completes, the client and server will not have a shared symmetric
> key.

If the two sides already have an ntp.keys file then this key can be used
for a MAC, correct?

If so, your paragraph can become:

We believe the NTS KE can be modified to authenticate timing messages
sent in parallel with the KE. Note that this MAY be done *without*
requiring these initial timing messages to be MAC'd, since before the
KE completes, the client and server will not have a shared NTS-delivered
symmetric key. A traditional MAC produced as described in RFC5905 may
still be used.

correct?

H
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
