Tangle - cookie keys file
Gary E. Miller
gem at rellim.com
Thu Mar 7 18:56:04 UTC 2019
Yo Achim!
On Thu, 07 Mar 2019 19:41:05 +0100
Achim Gratz via devel <devel at ntpsec.org> wrote:
> Hal Murray via devel writes:
> > Where should we put the file used to store the key used to make
> > cookies? It gets read at startup and updated daily.
>
> Nowhere. Those keys are ephemeral and shouldn't be stored at all,
> except maybe for debugging.
Not required, but it would be nice if the ntpd server could restart
without losing all its cookies.
If the master key is not in a file, how does it get into the ntpd?
I guess is the NTS-KE server and NTPD server are one in the same the
master key could be pulled from /dev/random. But what if they
are aon different hosts?
> > Fedora and Debian put things like that in /var/lib/ntp/
> > NetBSD and FreeBSD put them in /var/db/ntp/
>
> Nope, the place for that sort of stuff is /var/run.
/var/run does not persist after a reboot. At least on gentoo. I'd like
to be able to do a quick reboot and not lose all the cookies based on
the current master key.
If we lose the master key, we lose all the cookies based on it, so then
we get a big inrush of NTS-KE requests for cookies.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190307/90864811/attachment.bin>
More information about the devel
mailing list