On Wed, Feb 20, 2019 at 12:48 AM Hal Murray via devel <devel@ntpsec.org> wrote:

> The K and I used to encrypt cookies is a hack constant so old cookies work
> over server reboots.

I assume this is temporary while you work on this code, right? Obviously if K is a hardcoded constant you have no security.

> With the NTS flag, the client side tries NTS-KE, and drops into normal mode if
> that doesn't work. If it does work, it sends NTS packets until it runs out of
> cookies. Then it drops into normal mode.

Don't do that. Not even temporarily, not even as an option, not even "opportunistically". If an adversary can force a client out of NTS mode by dropping a few NTS packets, then NTS has no value.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
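The downgrade the reply objects to can be made concrete with a small model of the client's mode decisions. The following is an added illustration, not NTPsec code and not anything from the thread's authors: it compares the fallback behaviour described in the quoted message (drop to plain NTP when NTS-KE fails or the cookie supply is exhausted) with a strict policy that never leaves NTS, re-running NTS-KE when cookies run out and refusing unauthenticated time if NTS-KE is unreachable. The cookie count of 8 per NTS-KE run, the one-cookie-spent/one-cookie-returned accounting per exchange, and the "strict" policy itself are simplifying assumptions made for the model.

```python
"""Model of an NTS client's mode decisions under two fallback policies.

Added illustration; the NTS details are simplified (assumed values below).
"""
from enum import Enum


class Mode(Enum):
    NTS = "nts"            # authenticated NTP with NTS cookies
    PLAIN = "plain"        # unauthenticated NTP (the downgrade the reply warns about)
    UNSYNCED = "unsynced"  # refuses to accept time rather than downgrade


class Policy(Enum):
    FALLBACK = "fallback"  # drop to plain NTP on NTS-KE failure or cookie exhaustion
    STRICT = "strict"      # never leave NTS: re-run NTS-KE, otherwise stay unsynced


class Client:
    COOKIES_PER_KE = 8  # assumed cookie supply handed out by one NTS-KE run

    def __init__(self, policy):
        self.policy = policy
        self.mode = Mode.UNSYNCED
        self.cookies = 0
        self.ke_runs = 0

    def nts_ke(self, ke_reachable):
        """Attempt an NTS-KE handshake; on failure, apply the policy's downgrade rule."""
        self.ke_runs += 1
        if ke_reachable:
            self.cookies = self.COOKIES_PER_KE
            self.mode = Mode.NTS
        elif self.policy is Policy.FALLBACK:
            self.mode = Mode.PLAIN
        else:
            self.mode = Mode.UNSYNCED

    def step(self, ke_reachable, reply_delivered):
        """One client round: (re)run NTS-KE if needed, then one NTS request/response."""
        if self.mode is Mode.PLAIN:
            return  # a FALLBACK client that has downgraded never recovers on its own
        if self.mode is Mode.UNSYNCED:
            self.nts_ke(ke_reachable)
            if self.mode is not Mode.NTS:
                return
        # NTS exchange: one cookie is spent on the request; a delivered reply
        # replenishes it. A dropped reply therefore costs one cookie for good.
        self.cookies -= 1
        if reply_delivered:
            self.cookies += 1
        if self.cookies == 0:
            if self.policy is Policy.FALLBACK:
                self.mode = Mode.PLAIN      # the behaviour the reply says not to implement
            else:
                self.mode = Mode.UNSYNCED   # re-run NTS-KE on the next step instead


def simulate(policy, rounds, reply_delivered, ke_reachable=True):
    """Run `rounds` steps; reply_delivered(i) says whether round i's reply arrived.

    Returns (final mode, number of NTS-KE runs).
    """
    client = Client(policy)
    for i in range(rounds):
        client.step(ke_reachable, reply_delivered(i))
    return client.mode, client.ke_runs


if __name__ == "__main__":
    # Constructed scenario: the first 8 NTS replies are lost, then delivery resumes.
    lossy = lambda i: i >= 8
    for policy in Policy:
        print(policy.value, simulate(policy, 12, lossy))
    # Constructed scenario: NTS-KE is unreachable throughout.
    for policy in Policy:
        print(policy.value, simulate(policy, 5, lambda i: True, ke_reachable=False))
```

Running the two constructed scenarios shows the asymmetry the reply points at: losing as many consecutive replies as there are cookies leaves the fallback client in plain mode permanently, while the strict client re-keys and is back in NTS mode once delivery resumes; when NTS-KE itself is unreachable, the fallback client silently accepts unauthenticated time, whereas the strict client keeps retrying and stays unsynchronised rather than downgrading.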