> Sorry, this is plain nonsense. You will not create enough messages for this
> to ever be a problem even on a terabit link. And the RFC already asks you to
> do a key rollover on a ~day timescale, so you have even less chance to
> produce so many messages.

Different keys. The rollover covers K, the server key used to encrypt part of the contents of cookies. The per client-server pair of keys, C2S and S2C don't roll over as long as the connection works reasonably well.

I asked about key lifetime on the NTP list and Daniel said we don't have to worry about it.
https://mailarchive.ietf.org/arch/msg/ntp/lV74s2I97P8ncJdjsIKvlcAgEG0

> The recommendation for AES-SIV is to encrypt no more than 2**48
> messages under the same key. At one message per second that's almost 9
> million years. If you (unwisely) use AES-GCM instead, where the
> recommended limit is 2**32 messages, that's still 136 years.

--
These are my opinions. I hate spam.