On 2/3/19 8:17 AM, Eric S. Raymond via devel wrote:
> Hal Murray <hmur...@megapathdsl.net>:
>> Please verify with a TLS wizard that you can do what you are describing with
>> OpenSSL. I've poked around a bit and don't know how to do that.
>
> My plan is to brute-force the problem. Rather than trying to beat TLS into
> talking en clair, I'll make 'enclair' change the socket-fu so TLS never
> gets involved at all, the NTS-KE traffic goes over a bare socket.
This enclair option will only be useful for very early testing (and can then be removed). You specifically need a TLS session for NTS-KE to derive C2S and S2C. Specifically, you will be calling SSL_export_keying_material() with values as described starting in section 4.2.

The NTS-KE client and server will run the same function on the same TLS session with the same inputs, and each gets C2S and S2C. The client will keep C2S/S2C in memory for the lifetime of the association. The server will encrypt C2S/S2C into a cookie, which is passed to the client and later echoed back, so the server is stateless.

-- 
Richard

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
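The two mechanisms Richard describes above, modelled in Python as an added example (not code from the thread or from NTPsec): both ends feed the same TLS session secret, label and per-association context into the exporter and obtain identical C2S/S2C keys, and the server then seals those keys into a cookie it can later reopen without having kept any per-client state. The exporter is approximated with a plain HKDF-Expand (real TLS 1.3 uses HKDF-Expand-Label over the exporter master secret, so `export_keying_material` here stands in for `SSL_export_keying_material()`, not for its exact derivation). The label string and the five-octet context layout (Protocol ID, AEAD ID, direction octet) are taken from the published RFC 8915 section 4.2; the draft current at the time of this thread may have used different values, so treat them as assumptions. The cookie sealing uses an encrypt-then-MAC construction built from HMAC-SHA256 so the block runs on the standard library alone; it is illustrative, not the AEAD a production server would use.

```python
import hashlib
import hmac
import os
import struct

# RFC 8915 section 4.2 values; the thread cites the draft's section 4.2, so the
# exact label is an assumption here (it is the one in the published RFC).
EXPORTER_LABEL = b"EXPORTER-network-time-security"
PROTOCOL_ID_NTPV4 = 0
AEAD_AES_SIV_CMAC_256 = 15      # IANA AEAD registry numeric identifier
AEAD_KEY_LEN = 32               # AES-SIV-CMAC-256 key length in bytes
C2S, S2C = 0x00, 0x01           # final context octet selects the key direction


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) over HMAC-SHA256; also reused as a keystream PRF below."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def export_keying_material(exporter_secret, label, context, length):
    """Model of SSL_export_keying_material(): every party holding the same TLS
    session secret and supplying the same label and context gets the same bytes.
    Real TLS 1.3 applies HKDF-Expand-Label; this collapses it to one HKDF-Expand."""
    return hkdf_expand(exporter_secret, label + context, length)


def nts_context(aead_id, direction):
    """Five-octet NTS context: Protocol ID (2), AEAD ID (2), direction (1)."""
    return struct.pack("!HHB", PROTOCOL_ID_NTPV4, aead_id, direction)


def derive_nts_keys(exporter_secret, aead_id=AEAD_AES_SIV_CMAC_256, key_len=AEAD_KEY_LEN):
    """What both the NTS-KE client and server compute from their shared session."""
    c2s = export_keying_material(exporter_secret, EXPORTER_LABEL, nts_context(aead_id, C2S), key_len)
    s2c = export_keying_material(exporter_secret, EXPORTER_LABEL, nts_context(aead_id, S2C), key_len)
    return c2s, s2c


class StatelessCookieServer:
    """Seals (AEAD ID, C2S, S2C) under a server-only key so the server keeps no per-client state."""

    def __init__(self, master_key=None):
        self.master_key = master_key or os.urandom(32)
        self.enc_key = hmac.new(self.master_key, b"cookie-enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(self.master_key, b"cookie-mac", hashlib.sha256).digest()

    def _keystream(self, nonce, length):
        return hkdf_expand(self.enc_key, nonce, length)

    def make_cookie(self, aead_id, c2s, s2c):
        body = struct.pack("!H", aead_id) + c2s + s2c
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag                     # nonce || ciphertext || tag

    def open_cookie(self, cookie):
        """Returns (aead_id, c2s, s2c) or None if the cookie is malformed or tampered."""
        if len(cookie) < 16 + 32:
            return None
        nonce, ct, tag = cookie[:16], cookie[16:-32], cookie[-32:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # verify before decrypting
            return None
        body = bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))
        aead_id = struct.unpack("!H", body[:2])[0]
        key_len = (len(body) - 2) // 2
        return aead_id, body[2:2 + key_len], body[2 + key_len:]


def nts_ke_exchange(exporter_secret, server):
    """Client and server derive C2S/S2C from the shared session; the server hands
    the client a cookie, forgets the keys, and recovers them when the cookie is echoed."""
    client_keys = derive_nts_keys(exporter_secret)
    server_c2s, server_s2c = derive_nts_keys(exporter_secret)
    cookie = server.make_cookie(AEAD_AES_SIV_CMAC_256, server_c2s, server_s2c)
    del server_c2s, server_s2c                      # server state is gone
    recovered = server.open_cookie(cookie)          # client echoes the cookie later
    return client_keys, recovered


if __name__ == "__main__":
    session_secret = os.urandom(48)                 # constructed stand-in for the TLS exporter secret
    (c2s, s2c), recovered = nts_ke_exchange(session_secret, StatelessCookieServer())
    print("client/server C2S match:", recovered[1] == c2s, "S2C match:", recovered[2] == s2c)
```

The point worth noticing is where state lives: the client holds C2S/S2C in memory for the association, while the server's only long-lived secret is its cookie master key, so it can serve any number of clients without a table of keys and can rotate that master key to invalidate outstanding cookies.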