More word to nts.adoc

Gary E. Miller gem at rellim.com
Mon Jan 14 19:11:55 UTC 2019


Yo Hal!

On Mon, 14 Jan 2019 03:50:49 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:

> You said "encrypts the rest of the data"
> I think we are authenticating rather than encrypting.

Check out the definition of AEAD.  It is an encrypt, then hash, function.
So you get both.  Plus the option of some unencrypted, but also hashed,
data on the side.

> Gary: A few days ago, we were discussing storing the master keys on
> disk so the NTP-S and NTS-S boxes didn't need a (network)
> communication channel.

Yes, a possibility.  Also very important on reboot to have the
master keys, or maybe just some cookies, for a quick start.

>  I think we want to be able to put a
> communication channel in there.

Of course.  I see that NTS-KE <-> NTPD communication channel adding
a lot of features.  But not required on day one.

> Consider: One NTS server for
> multiple NTP clients. Multiple NTS servers supporting the same name
> for load sharing or better routing.

Of course, but not required on day one.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
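
An added example, not part of the original message or of NTPsec's code: a generic AEAD seal/open round trip showing the property discussed above, where the payload is encrypted and authenticated while a separate header stays in the clear but is covered by the same tag. Go's standard-library AES-GCM is used as a stand-in AEAD (not a statement of which algorithm NTS uses); the key, header and field contents are constructed demo values, and `Seal`, `Open` and `newAEAD` are hypothetical helper names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD builds the stand-in AEAD (AES-256-GCM) from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts secret and authenticates it plus the cleartext header; returns nonce||ciphertext||tag.
func Seal(key, header, secret []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, secret, header), nil
}

// Open checks the tag over header and ciphertext, and only then returns the plaintext.
func Open(key, header, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil || len(sealed) < aead.NonceSize() {
		return nil, errors.New("bad key or truncated message")
	}
	n := aead.NonceSize()
	return aead.Open(nil, sealed[:n], sealed[n:], header)
}

func main() {
	key, hdr := make([]byte, 32), []byte("cleartext header") // constructed demo values
	sealed, _ := Seal(key, hdr, []byte("secret field"))
	pt, err := Open(key, hdr, sealed)
	fmt.Printf("intact: %q %v\n", pt, err)
	_, err = Open(key, []byte("tampered header"), sealed)
	fmt.Println("changed header rejected:", err != nil)
}
```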