What's left to doo on NTS
Achim Gratz
Stromeko at nexgo.de
Sat Mar 2 14:55:45 UTC 2019
Hal Murray via devel writes:
> Gary said:
>> It is missing key rotation. Also how to share keys between standalone NTS-KE
>> and NTPD.
>
> Why do we need a standalone NTS-KE server?
Because you only want one NTS-KE per any number of ntpd on a large fleet
of hardware (think a warehouse full of compute racks) and of course the
NTP pool servers will not work with NTS any other way.
> I don't understand that use case. Without checking the certificate,
> you have no real security.
Ack. Plus you can set up so that the validation never leaves the local
network if that's a requirement. I didn't say "easily" because I've not
yet tried, but in any case you shouldn't shut off validation, but rather
configure the path it takes.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
SD adaptation for Waldorf rackAttack V1.04R1:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
More information about the devel
mailing list