dfoxfra...@gmail.com said:
>> The K and I used to encrypt cookies is a hack constant so old
>> cookies work over server reboots.
> I assume this is temporary while you work on this code, right? Obviously if K
> is a hardcoded constant you have no security.

Right. Total hack to allow debugging the NTS extensions. They seemed like the long pole in the tent. I'll nuke that code as soon as we get the code to save/restore K/I from disk working.

[Fall back to non-NTS mode when run out of cookies]
> Don't do that. Not even temporarily, not even as an option, not even
> "opportunistically". If an adversary can force a client out of NTS mode by
> dropping a few NTS packets, then NTS has no value.

Again. It's a hack to allow debugging without breaking things.

--
These are my opinions. I hate spam.