Yo Hal!

On Thu, 17 Jan 2019 17:54:28 -0800 Hal Murray via devel <[email protected]> wrote:
> Ian Bruene said:
> > NTS-KE needs cookie generation because it has to render onto the
> > client the initial cookie stock.
>
> Right. But it doesn't actually have to generate them itself. It
> could also get them from the NTP-server.
True.
> The idea is to take advantage of a connection to the NTP-server to
> offload as much complexity as possible.
Seems more complex to me. Now there are a ton of cookies that the
NTS-KE has to store, and yet another connection protocol.
> What does the NTP-KE-server
> do with the master key?
Make cookies.
> Can we push all that to the NTP-server?
Can? Yes. Good idea? No.
> I think what I'm proposing is that NTP-KE-server is minimal. Can we
> make it just a TLS wrapper on an initial connection from NTP-client
> (via NTS-KE-client) to NTP-server?
Minimal, except now a large cookie storage acquisition and storage
problem. This could be tens of thousands of cookies!
> I like Gary's suggestion of making most of the NTS-KE-client a
> library so we can package it stand alone or with NTP-client. I think
> the same applies to NTS-KE-server.
Maybe parts of it, but only the NTS-KE needs to have a TLS server.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
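
Added example, not part of the original message and not NTPsec code: a sketch of the trade-off discussed above, where any process holding the master key can "make cookies" on demand and later open them without storing anything per client. The function names, the cookie layout, and the use of AES-GCM from Go's standard library as the AEAD are assumptions chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD wraps the master key; AES-GCM is an assumed stand-in AEAD.
func newAEAD(master []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// makeCookie seals the session keys. Layout (assumed): nonce || AEAD(c2s || s2c).
func makeCookie(aead cipher.AEAD, c2s, s2c []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := append(append([]byte{}, c2s...), s2c...)
	return aead.Seal(nonce, nonce, plain, nil), nil
}

// openCookie recovers the keys using only the master key: no cookie store.
func openCookie(aead cipher.AEAD, cookie []byte) (c2s, s2c []byte, err error) {
	n := aead.NonceSize()
	if len(cookie) < n+aead.Overhead() {
		return nil, nil, errors.New("cookie too short")
	}
	plain, err := aead.Open(nil, cookie[:n], cookie[n:], nil)
	if err != nil {
		return nil, nil, err // wrong master key or tampered cookie
	}
	half := len(plain) / 2 // constructed layout assumes equal-length keys
	return plain[:half], plain[half:], nil
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	cookie, _ := makeCookie(aead, []byte("c2s-key-"), []byte("s2c-key-"))
	c2s, s2c, err := openCookie(aead, cookie)
	fmt.Printf("%d-byte cookie -> %q %q err=%v\n", len(cookie), c2s, s2c, err)
}
```
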
