NTS, Big picture
hmurray at megapathdsl.net
Wed May 30 20:05:37 UTC 2018
Let's step back from SINGLESOCK for a bit and focus on security.
Is the NTS draft-RFC in good enough shape that we can write code now?
I've studied it, but didn't understand things. My criteria for "understand"
is that I could explain it to somebody else. "Write code" might be another
One of the key areas that I'm missing is the plans for deployment. Are we
intending to use the normal certificate distribution mechanism as used by the
web? That depends on time. Is there a way around that? Do we need our own
certificate distribution mechanism? Can we copy what DNSSEC does? ...
I'm working on cleaning up the current shared key code and extending it to
cover ??? (I forget the term.) I'm half way done, but got distracted by real
These are my opinions. I hate spam.
More information about the devel