The key-manahement argument
Richard Laager
rlaager at wiktel.com
Sat Jan 19 08:43:33 UTC 2019
On 1/19/19 12:05 AM, Eric S. Raymond via devel wrote:
> I think we can fix this by adding a glossary to adoc pinning down the
> terms of the discussion. There probably are too many senses of "key"
> floating around.
The whole discussion is about the definitions, so I can't magically
solve this by adding a glossary.
More general than this particular discussion, repeating things from the
NTS draft in nts.adoc doesn't really accomplish much. I think nts.adoc
should be focusing on the implementation-specific details and decisions.
This would include things like:
* Is NTPsec going to use the suggested cookie format?
* Is NTPsec going to force C2S/S2C key rollover (e.g. by adding an
expiration time to its cookie format) or leave expiration to clients?
* How is NTPsec going to handle key expiration when it is the client?
* What configuration options will be provided for each piece?
* Is NTPsec going to initiate NTS by default?
I've taken a stab at a bunch of edits:
https://gitlab.com/NTPsec/ntpsec/merge_requests/893
--
Richard
More information about the devel
mailing list