Yo Richard!

On Sat, 2 Feb 2019 17:57:12 -0600 Richard Laager via devel <devel@ntpsec.org> wrote:

> On 2/2/19 3:29 PM, Gary E. Miller via devel wrote:
> > Nothing says that a single cookie could not be used by a farm of
> > clients to push the cookies per second into the thousands.
>
> The cookie, or more importantly the C2S and S2C inside of it, which is
> what we are discussing here, comes from a single NTS-KE TLS session,
> which by definition is for a single client.

Yes, but not enforceable. So the definition is useless. Nothing to stop a black-, white- or gray-hat from using the same cookie over and over on hundreds of servers.

The life limit of many current ciphers can be reached in days if you are NSA. Or China. Not easy, but hackers have been very clever.

Since there are known limits, however far fetched they seem today, they should be enforced. The Germans and Japanese learned this the hard way way back in WWII. Do not repeat the known failures of the past.

This stuff is serious.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin