Hal Murray via devel writes: > The client starts with 8 cookies. If a packet gets lost, the next request > includes a single cookie-please slot. The server returns an extra cookie so > the client is back to 8. The cookie-please slot has the same length as a > cookie slot so you can't use cookie-please as an amplifier. If more then 1 > packet has been lost, more then one cookie-please slots can be sent. > > If 8 packets are lost, the client has to go through NTS-KE again.
It is actually allowed to re-use cookies, specifically if it wants to avoid that re-keying. Whether that's a good idea is debatable, but the server doesn't know either way and the decision is up to the client. BTW, the number eight is not arbitrary: that is exactly the number of packets a burst poll would use. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ DIY Stuff: http://Synth.Stromeko.net/DIY.html _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
