The server side needs a cookie and private key.
The K and I used to encrypt cookies is a hack constant so old cookies work over server reboots.

The client side defaults to using the system root certificates. You can provide your own.

With the NTS flag, the client side tries NTS-KE, and drops into normal mode if that doesn't work. If it does work, it sends NTS packets until it runs out of cookies. Then it drops into normal mode. The code to ask for extra cookies doesn't exist yet. If it gets started, it will run in NTS mode until 8 packets get lost.

-- 
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
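
A small simulation of the client behaviour described in the message above, added here as an illustration and not taken from the post or from the NTPsec source. It assumes NTS-KE hands the client 8 cookies and that each NTS reply carries one replacement cookie; all names (`run_trace`, `client_poll`, the `R`/`L` trace format) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define INITIAL_COOKIES 8 /* assumption: cookies delivered by NTS-KE */

enum mode { MODE_NTS, MODE_NORMAL };
struct client {
    enum mode mode;
    int cookies;    /* unused cookies in hand */
    int nts_sent;   /* requests sent with NTS protection */
    int plain_sent; /* requests sent as plain NTP */
};

/* NTS-KE outcome picks the starting mode; failure means normal mode. */
static void client_init(struct client *c, int ke_ok) {
    memset(c, 0, sizeof *c);
    c->mode = ke_ok ? MODE_NTS : MODE_NORMAL;
    c->cookies = ke_ok ? INITIAL_COOKIES : 0;
}

/* One poll interval. reply_ok == 0 models a lost request or reply. */
static void client_poll(struct client *c, int reply_ok) {
    if (c->mode == MODE_NORMAL) {
        c->plain_sent++;
        return;
    }
    c->cookies--; /* every NTS request spends one cookie */
    c->nts_sent++;
    if (reply_ok)
        c->cookies++; /* assumption: a reply returns one fresh cookie */
    if (c->cookies == 0)
        c->mode = MODE_NORMAL; /* nothing re-runs NTS-KE or asks for more */
}

/* Replay a constructed trace: 'R' = reply received, 'L' = packet lost. */
static struct client run_trace(int ke_ok, const char *trace) {
    struct client c;
    client_init(&c, ke_ok);
    for (; *trace; trace++)
        client_poll(&c, *trace == 'R');
    return c;
}

int main(void) {
    struct client c = run_trace(1, "RRLLRLLLRLLLRR"); /* 8 losses in total */
    printf("mode=%s nts=%d plain=%d\n",
           c.mode == MODE_NTS ? "NTS" : "normal", c.nts_sent, c.plain_sent);
    return 0;
}
```

The switch to `MODE_NORMAL` is the event an operator would want logged, since every later packet goes out without NTS protection.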