Gary said. > I think it should be master key "K" and index "I" pairs. Only.
The K includes the length. There are actually 3 algorithms that can be used on the wire or to make cookies. The wire has a slot for which algorithm to use. The internal API is to pass the same routine different key lengths. > Then you need a date/time with K/I pairs. You need that even if you aren't in ratchet mode. Consider a system that gets rebooted. How does ntpd know if it should switch to a new K now or in 24 hours? > I don't think any cookie should ever touch the file system. Ahhh... There is actually a paragraph in the draft that suggests saving a cookie on disk so you can get restarted without having to do the KE dance. I think it's marked SHOULD. There aren't any helpful comments about how to figure out when to save a new cookie. That's on the back burner for now. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
