NTS, Big picture

[Hal Murray]

Let's step back from SINGLESOCK for a bit and focus on security.

Is the NTS draft-RFC in good enough shape that we can write code now?

I've studied it, but didn't understand things.  My criteria for "understand" 
is that I could explain it to somebody else.  "Write code" might be another 
test.

One of the key areas that I'm missing is the plans for deployment.  Are we 
intending to use the normal certificate distribution mechanism as used by the 
web?  That depends on time.  Is there a way around that?  Do we need our own 
certificate distribution mechanism?  Can we copy what DNSSEC does?  ...

-------

Background:
  I'm working on cleaning up the current shared key code and extending it to 
cover ??? (I forget the term.)  I'm half way done, but got distracted by real 
life.

-- 
These are my opinions.  I hate spam.