NTS, Big picture

Hal Murray hmurray at megapathdsl.net
Wed May 30 20:05:37 UTC 2018

Let's step back from SINGLESOCK for a bit and focus on security.

Is the NTS draft-RFC in good enough shape that we can write code now?

I've studied it, but didn't understand things.  My criteria for "understand" 
is that I could explain it to somebody else.  "Write code" might be another 

One of the key areas that I'm missing is the plans for deployment.  Are we 
intending to use the normal certificate distribution mechanism as used by the 
web?  That depends on time.  Is there a way around that?  Do we need our own 
certificate distribution mechanism?  Can we copy what DNSSEC does?  ...


  I'm working on cleaning up the current shared key code and extending it to 
cover ??? (I forget the term.)  I'm half way done, but got distracted by real 

These are my opinions.  I hate spam.

More information about the devel mailing list