First round of my stupid questions about NTS

Gary E. Miller gem at rellim.com
Thu Jan 17 18:47:47 UTC 2019 

Yo Eric!

On Thu, 17 Jan 2019 12:35:55 -0500 (EST)
"Eric S. Raymond via devel" <devel at ntpsec.org> wrote:

> Charlie requests a master key (and possibly initial cookies) daily
> from Delta.

Does he?  Where does the Proposed RFC say that?  It could just be a one
time config file entry.

> It may do so simply by looking in fixed file locations
> for the data.  Is there any plausible scenario in which Charlie and
> Delta must run on different hosts?

I see Alpha and Bravo as the same location.  Not Charlie and Delta.

Any and every data center will split Charlie and Delta.  One NTS-KE
server per aisle and NTPD spread down the aisle.  This is how Mark
initially described it to me.

Charlie may have the keys stored in a special HSM.  Delta is any
random VM spun up and spun down randomly.

> I don't see any requests from Delta to Charlie.  Of course we have
> polling from Alpha to Charlie and (unusually) KODs in the
> other direction.
> 
>    Bravo                       Delta
>    NTS client ---------------> NTS server
>       ^                         ^
>       |                         |
>    Alpha                       Charlie
>    NTP client <--------------> NTP server

I think NTP and NTS are too vague.  I'd rather see NTS-KE and NTPD.


> Does this diagram look correct?

I agree that there may be optional communication from Charlie(s) to
Delta.  Alpha and Bravo are one and the same.

Also left out is that Bravo is likely, in turn, being a Delta.

> I'm leaning towards an organization in which the NTS client code lives
> inside ntpd; this would reduce deployment friction slightly.  Is there
> any scenario in which we'd want to run these pieces on different
> hosts?

I think more than just a slight improvement.

> Note:  Answers by reply email will be good.  Answers edited into
> nts.adoc would be even better.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190117/9a0fdf31/attachment.bin>

More information about the devel mailing list