The key-management argument

Richard Laager rlaager at wiktel.com
Sat Jan 19 08:43:33 UTC 2019


On 1/19/19 12:05 AM, Eric S. Raymond via devel wrote:
> I think we can fix this by adding a glossary to adoc pinning down the
> terms of the discussion.  There probably are too many senses of "key"
> floating around.

The whole discussion is about the definitions, so I can't magically
solve this by adding a glossary.

More general than this particular discussion, repeating things from the
NTS draft in nts.adoc doesn't really accomplish much. I think nts.adoc
should be focusing on the implementation-specific details and decisions.

This would include things like:
* Is NTPsec going to use the suggested cookie format?
* Is NTPsec going to force C2S/S2C key rollover (e.g. by adding an
  expiration time to its cookie format) or leave expiration to clients?
* How is NTPsec going to handle key expiration when it is the client?
* What configuration options will be provided for each piece?
* Is NTPsec going to initiate NTS by default?

I've taken a stab at a bunch of edits:
https://gitlab.com/NTPsec/ntpsec/merge_requests/893

-- 
Richard

