Yo Hal!

On Fri, 18 Jan 2019 02:16:33 -0800 Hal Murray via devel <[email protected]> wrote:
> Gary said:
> >>> Just look to the SSL/TLS mess for how upwardly compatible change
> >>> in crypto can be badly managed.
> >> That's a public API. The cookie format is private.
> > Uh. lost me?
>
> SSL/TLS is documented in various RFCs. That's what public means. We
> expect systems written by different groups to interoperate so all the
> details need to be documented.
Of course, so I am still not sure of your point?
> Only the NTP server needs to know the format of a cookie. It doesn't
> need to be documented. That's what private means.
But it is a LOT more efficient if the NTS-KE server does as well.
> If you want the NTS-KE server to generate initial cookies rather than
> asking the NTP server for them, then you have to bundle the NTS-KE
> server with the NTP server.
Uh, no....
> That makes them semi-private. You have
> to keep both ends in sync.
Mostly. And easy if they use the same library.
> But we already have to keep both ends in sync since the protocol
> between NTS-KE server and NTP server is also private.
Uh, we do not have an NTS-KE -> NTPD server protocol yet. May never
need one.
> Same for NTP
> client and NTS-KE client. We could document those if we wanted to
> give the admin more choices.
I've always assumed the NTP client and NTS-KE client are one and the
same. Since both need to handle the cookies it makes no sense to
overcomplicate the client end.
> That all assumes we are packaging NTS-KE server and NTS-KE client as
> separate run time programs.
Certainly not my assumption.
> That seems unlikely for the client.
Lost me. I could parse that sentence more than one way...
> It's also unlikely for the initial server, but reasonably likely for
> the future.
I'm having trouble expanding your reuse of 'it' to mean different things...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
