Yo Hal!

On Thu, 07 Mar 2019 22:39:12 -0800
Hal Murray via devel <devel@ntpsec.org> wrote:

> > I can't find that in the Proposed RFC. Got a citation?
>
> Bottom of page 21. Last paragraph of section 5.

Ah, there it is:

"To allow for NTP session restart when the NTS-KE server is unavailable
and to reduce NTS-KE server load, the client SHOULD keep at least one
unused but recent cookie, AEAD keys, negotiated AEAD algorithm, and
other necessary parameters on persistent storage."

I guess the client should save cookies when it gets them. Or batch them
over 64 seconds.

> > And what is the point of storing cookies and K/I pair together?
> > The client has no K/I pair. A server is to regenerate the cookies
> > from K/I pairs. Mixing the roles is bad.
>
> I didn't say anything about "together".

Good. Then we agree they are separate files.

> Mixing the roles doesn't even make sense. The K/I on a system are
> for cookies that clients might use to talk to this server. The
> cookies that should get saved are for use when talking to remote
> servers.

Good, then we agree.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
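The client-side persistence described in the quoted draft text, as an added example that is not part of the original message and is not NTPsec code: it stores the unused cookies, the AEAD keys and the negotiated AEAD algorithm in one owner-only file, written atomically. The JSON layout, the function names and the file path are assumptions made for illustration; the file holds client state only, and a server's K/I would live in a separate file.

```python
import base64, json, os, stat, tempfile

def _b64(b):
    return base64.b64encode(b).decode()

def save_state(path, aead_id, c2s, s2c, cookies):
    """Atomically write client NTS state (hypothetical JSON layout)."""
    if not cookies:
        raise ValueError("keep at least one unused cookie")
    doc = {"aead": aead_id, "c2s": _b64(c2s), "s2c": _b64(s2c),
           "cookies": [_b64(c) for c in cookies]}
    # mkstemp creates the file with mode 0600, so the keys are never
    # readable by other users, not even briefly.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(doc, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # readers see the old or new file, never half
    except BaseException:
        os.unlink(tmp)
        raise

def load_state(path):
    """Return (aead_id, c2s, s2c, cookies), or None if NTS-KE must be rerun."""
    try:
        if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            return None  # keys exposed to group/other: do not trust the file
        with open(path) as f:
            doc = json.load(f)
        cookies = [base64.b64decode(c) for c in doc["cookies"]]
        if not cookies:
            return None
        return (int(doc["aead"]), base64.b64decode(doc["c2s"]),
                base64.b64decode(doc["s2c"]), cookies)
    except (OSError, ValueError, KeyError, TypeError):
        return None  # missing or damaged file: fall back to NTS-KE

def take_cookie(path):
    """Hand out one cookie and persist the remainder before it is sent,
    so a restart cannot pick up a cookie that was already used."""
    state = load_state(path)
    if state is None:
        return None
    aead_id, c2s, s2c, cookies = state
    cookie = cookies.pop()
    if cookies:
        save_state(path, aead_id, c2s, s2c, cookies)
    else:
        os.unlink(path)  # no unused cookie left; next start runs NTS-KE
    return cookie
```

Rewriting the file on every request is the simple end of the trade-off raised in the message; batching writes reduces disk traffic at the cost of possibly restarting with cookies that were already spent.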