Yo Richard!

On Fri, 18 Jan 2019 20:24:15 -0600 Richard Laager via devel <[email protected]> wrote:

> On 1/18/19 8:21 PM, Gary E. Miller via devel wrote:
> > Once again: there is no TLS session between NTPD client and NTPD
> > server.
>
> As I quoted, from section 1.2 of draft-ietf-ntp-using-nts-for-ntp-15:
>
> "The client connects to an
> NTS-KE server on the NTS TCP port and the two parties perform a TLS
> handshake. Via the TLS channel, ..."

I know you said that.

You are talking about the NTS-KE to NTPD server connection.
I am talking about the NTPD client to NTPD server connection.

Since they both need to work the same way we need to look at them
at the same time.

> Am I reading the wrong draft?

No, just reading it wrong.

Looked at yet another way, the draft suggests rotating the master key
once a day, same master key on NTS-server and NTPD server. But TLS
uses a new master key every connection.

How do you propose that the NTS-KE (with TLS) and NTPD (without TLS)
server share the same master key for one day using a master key from
ephemeral TLS connections to the NTS-KE?

Can't fit a round peg in the square hole.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
_______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
