On 1/17/19 7:11 PM, Hal Murray via devel wrote:
Do both NTP-server and NTS-KE-server have to know the new-cookie recipe? Does
NTS-KE-server need the master key for anything other than generating cookies?
Does it work if only the NTP-server has the master key and the NTS-KE-server
gets cookies and S2C and C2S from the NTP server?
NTS-KE needs cookie generation because it has to render onto the client
the initial cookie stock.
NTPD needs cookie generation because it needs to replace cookies as they
are used.
If you make only one of them a cookie generator then the other side is
now always dependent on the generator.
--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A
Man Chooses, a Slave Obeys."/ -- Andrew Ryan
/"Utopia cannot precede the Utopian. It will exist the moment we are fit
to occupy it."/ -- Sophia Lamb
I work for the Internet Civil Engineering Institute <https://icei.org/>,
help us save the Internet from Entropy!
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
