What's left to doo on NTS
Eric S. Raymond
esr at thyrsus.com
Mon Mar 4 10:32:55 UTC 2019
Hal Murray via devel <devel at ntpsec.org>:
> Eric said:
> > Trying to change that by breaking out a separate NTS-KE server would
> > introduce a lot of complexity when we could achieve the same result by
> > pointing the ntpd instances at a common key on a fileshare.
>
> That adds the fileshare to the security tangle and probably complicates the
> startup dance.
True, but you have to set that against the additional complexity of having
another program to deploy and manage.
We're going to pay in complexity either way. I think the route you've
implicitly chosen is better.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel
mailing list