dfoxfra...@gmail.com said:
> The intended design for running NTS with pool servers is that only the pool
> operator runs an NTS-KE server. The NTS-KE server then picks an NTS-enabled
> NTP server out of the pool and serves you an appropriate NTPv4 Server
> Negotiation Record. Individual server operators, on a one-time basis,
> establish a shared secret with the pool operator out-of-band; this secret is
> used as the master key for creating and decrypting cookies.

It's amazing what you see when you start actually writing code.

For that description to work, both the NTS-KE server and the NTP server have to use the same cookie recipe and same new key recipe.

Section 6 is "Suggested Format for NTS Cookies". "Suggested" isn't strong enough for interoperability.

The key rotation recipe is in there too.

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
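
The interoperability point in the message above, as an added example that is not part of the original post or of NTPsec's code: a pool NTS-KE server seals a cookie and a separately run NTP server opens it, which only works when both use the same cookie layout and the same key rotation recipe. Assumptions: the layout (key id, nonce, encrypted body, tag), the rotation label and all function names are hypothetical, and an HMAC-SHA256 stream cipher plus MAC stands in for the AEAD so the code runs on the standard library alone.

```python
import hashlib, hmac, os, struct

NONCE_LEN, TAG_LEN = 16, 32

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, see lead-in).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, b"enc", nonce + struct.pack(">I", i)) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def rotate(key, label=b"cookie key rotation"):
    # Hypothetical rotation recipe: the next master key is derived from the old one.
    return _mac(key, b"rot", label)

def make_cookie(key_id, key, aead_id, c2s, s2c):
    """NTS-KE side: key_id || nonce || encrypted(aead_id, c2s, s2c) || tag."""
    header, nonce = struct.pack(">I", key_id), os.urandom(NONCE_LEN)
    body = _xor_stream(key, nonce, struct.pack(">HH", aead_id, len(c2s)) + c2s + s2c)
    return header + nonce + body + _mac(key, b"mac", header + nonce + body)

def open_cookie(keyring, cookie):
    """NTP server side: (aead_id, c2s, s2c), or None when the cookie is rejected."""
    if len(cookie) < 4 + NONCE_LEN + 4 + TAG_LEN:
        return None
    header, nonce = cookie[:4], cookie[4:4 + NONCE_LEN]
    body, tag = cookie[4 + NONCE_LEN:-TAG_LEN], cookie[-TAG_LEN:]
    key = keyring.get(struct.unpack(">I", header)[0])
    if key is None or not hmac.compare_digest(tag, _mac(key, b"mac", header + nonce + body)):
        return None
    plain = _xor_stream(key, nonce, body)
    aead_id, c2s_len = struct.unpack(">HH", plain[:4])
    if c2s_len > len(plain) - 4:
        return None
    return aead_id, plain[4:4 + c2s_len], plain[4 + c2s_len:]

def demo():
    shared = bytes(range(32))        # constructed out-of-band shared secret
    c2s, s2c = b"C" * 32, b"S" * 32  # constructed session keys
    # Pool NTS-KE server, one rotation in; 15 = AEAD_AES_SIV_CMAC_256 (IANA AEAD registry).
    cookie = make_cookie(1, rotate(shared), 15, c2s, s2c)
    same = open_cookie({1: rotate(shared)}, cookie)                          # same recipe
    other = open_cookie({1: rotate(shared, b"a different recipe")}, cookie)  # diverged recipe
    return same, other

if __name__ == "__main__":
    print(demo())
```

The server that rotates with a different recipe holds the same out-of-band secret yet rejects every cookie the NTS-KE server issues after the first rotation.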