On Sat, Feb 2, 2019, 5:27 AM Hal Murray via devel <devel@ntpsec.org> wrote:
> > Yes, you'd need implausible to impossible lifetimes of the client/server
> > pairing for these to ever become a problem. But again, when key rollover
> > gets implemented as indicated in the RFC, those will stop being useful on the
> > second rollover.
>
> What stops being useful when K rolls over is old cookies.
>
> C2S and S2C are used to authenticate the packets and also to encrypt new
> replacement cookies from server to client. There is no roll over mechanism
> for C2S or S2C. They get refreshed if you go through NTS-KE again, but that
> doesn't happen during normal operations. You need to do something like drop 8
> packets in a row.

IIRC the previous key is kept for a rotation. Unless you are using something like poll 14+ it shouldn't be a problem.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel