First round of my stupid questions about NTS
Eric S. Raymond
esr at thyrsus.com
Thu Jan 17 19:52:18 UTC 2019
Gary E. Miller via devel <devel at ntpsec.org>:
> > Charlie requests a master key (and possibly initial cookies) daily
> > from Delta.
>
> Does he? Where does the Proposed RFC say that? It could just be a one
> time config file entry.
I'm going by what it says in nts.adoc:
"We could also send the initial cookies over that channel
so that only NTP-server knows the cookie format."
> > It may do so simply by looking in fixed file locations
> > for the data. Is there any plausible scenario in which Charlie and
> > Delta must run on different hosts?
>
> I see Alpha and Bravo as the same location. Not Charlie and Delta.
>
> Any and every data center will split Charlie and Delta. One NTS-KE
> server per aisle and NTPD spread down the aisle. This is how Mark
> initially described it to me.
>
> Charlie may have the keys stored in a special HSM. Delta is any
> random VM spun up and spun down randomly.
OK, I'm adding this to nts.adoc.
> I think NTP and NTS are too vague. I'd rather see NTS-KE and NTPD.
Please do this edit yourself so I can be certain it conveys your mental model.
> Also left out is that Bravo is likely, in turn, being a Delta.
True, but not relevant to the purpose of this diagram.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.