On Wed, Mar 6, 2019, 03:33 Hal Murray <hmur...@megapathdsl.net> wrote:
>
> dfoxfra...@gmail.com said:
> > The intended design for running NTS with pool servers is that only the pool
> > operator runs an NTS-KE server. The NTS-KE server then picks an NTS-enabled
> > NTP server out of the pool and serves you an appropriate NTPv4 Server
> > Negotiation Record. Individual server operators, on a one-time basis,
> > establish a shared secret with the pool operator out-of-band; this secret is
> > used as the master key for creating and decrypting cookies.
>
> It's amazing what you see when you start actually writing code.
>
> For that description to work, both the NTS-KE server and the NTP server have
> to use the same cookie recipe and same new key recipe.
>
> Section 6 is "Suggested Format for NTS Cookies" "Suggested" isn't strong
> enough for interoperability. The key rotation recipe is in there too.

That's correct: ensuring interop between differing implementations of the NTS-KE server and the NTP server is outside the scope of this document.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel