What's left to do on NTS
Eric S. Raymond
esr at thyrsus.com
Sat Mar 2 17:52:49 UTC 2019
Gary E. Miller via devel <devel at ntpsec.org>:
> > > The way Mark explained it to me, you want one NTS-KE per aisle, or
> > > per rack. That limits the number of servers, with keys, that need
> > > to be protected.
> >
> > I now think this plan is a mistake and that Hal did the right thing by
> > building key service into ntpd itself.
>
> The opinion that counts is that of Cisco. Anyone asked them?
It hasn't come up. I get the impression their requirements list is not
that fine-grained.
> > If you don't trust that your LAN is secured enough to do that, you
> > can't trust it enough to pass NTS-KE traffic over it either.
>
> Not the LAN, your containers.
I don't understand that.
--
Eric S. Raymond <http://www.catb.org/~esr/>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.