Gary said:
> Only if you figure out how to not have a huge daily rush to rekey.

Under normal conditions, there is never any need to rekey. The server holds 2 cookie keys. When it makes a new key, the current key gets moved to the old key and the previous old key is lost. Cookies using either the new or old key will work. When the client uses an old key, it gets back a new key. So as long as the client polling interval is fast enough, it gets new keys while all its old keys still work. The keys are saved on disk so you can restart the server without rekey problems. If that doesn't make sense, I'll try again.

8*1024 is less than 24 hours. So it will be fine. It's not less than 1 hour so we get to test things.

--------

> Ah, Gentoo unstable updated to openssl 1.1.0j on March 6th.
> Do I need any change in basic NTPsec build?

It should just build and work.

The server ask, require, expire, cert, and ca options are not implemented. I wanted the ca option, but it's not simple to implement. I'll have to think about it.

--
These are my opinions. I hate spam.
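
The two-key rotation described in the message above, as an added example (not part of the original email and not NTPsec's code). The `CookieKeys` class and `simulate` helper are hypothetical names, and an HMAC tag stands in for the AEAD sealing that real NTS cookies use, so the payload here is authenticated but not encrypted.

```python
import hashlib
import hmac
import os


class CookieKeys:
    """Hypothetical two-slot key store: 'new' (current) and 'old' (previous)."""

    def __init__(self):
        self.new = os.urandom(32)
        self.old = os.urandom(32)

    def rotate(self):
        # The current key moves to the old slot; the previous old key is lost.
        self.old, self.new = self.new, os.urandom(32)

    def make_cookie(self, payload: bytes) -> bytes:
        # Cookies are always issued under the current key.
        # Assumption: HMAC-SHA256 tag instead of the real AEAD construction.
        return hmac.new(self.new, payload, hashlib.sha256).digest() + payload

    def open_cookie(self, cookie: bytes):
        """Return the payload if either key validates the cookie, else None."""
        tag, payload = cookie[:32], cookie[32:]
        for key in (self.new, self.old):
            expect = hmac.new(key, payload, hashlib.sha256).digest()
            if hmac.compare_digest(tag, expect):
                return payload
        return None

    def handle_request(self, cookie: bytes):
        """Validate the client's cookie and hand back one under the new key."""
        payload = self.open_cookie(cookie)
        if payload is None:
            return None  # neither key matches: the client has to rekey
        return self.make_cookie(payload)


def simulate(rotations_between_polls: int, polls: int = 5) -> bool:
    """True if a client polling at this rate never has to rekey."""
    keys = CookieKeys()
    cookie = keys.make_cookie(b"constructed-session-state")  # constructed sample
    for _ in range(polls):
        for _ in range(rotations_between_polls):
            keys.rotate()
        cookie = keys.handle_request(cookie)
        if cookie is None:
            return False
    return True
```

`simulate(1)` models a client that polls at least once per key lifetime and never rekeys; `simulate(2)` models a client that sleeps through two rotations and finds its cookie rejected.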