Yo Hal! On Thu, 07 Mar 2019 19:11:59 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> > If the cookie key file is unexpectedly removed, what other useful
> > option is there? If the file was permanently deleted, there's
> > really nothing to be done but re-create it anyway.
>
> The question is does the admin know something happened.
I don't think any cookie should ever touch the file system.
> > Also, by the way, the cookie key file is storing the multiple
> > cookie keys, right? So it get rewritten as key rotation happens?
>
> Yes.
I think it should be master key "K" and index "I" pairs. Only.
> The draft suggests a way to derive the next key from the current
> key. So with a slight delay while the CPU crunches, you could avoid
> the write by just deriving forward until you got to the right place.
Then you need a date/time with K/I pairs.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpfTN65ELF9j.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
