NTS: config and initialization
Gary E. Miller
gem at rellim.com
Fri Mar 8 03:45:38 UTC 2019
Yo Hal!
On Thu, 07 Mar 2019 19:36:00 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> The client side is easy: just add "nts" to the server line. There
> are no parameters needed so the initialization for the client side
> just works.
How does it know which of the myriad locations that the CA and
intermediate certs can be installed in to use?
> For the server side, we have "nts enable". We should probably change
> that to "nts enable-server".
>
> The server side needs 3 files:
> server certificate
> private key for the certificate
What about the password to the private key file?
> the keys to make/decode cookies
I assume you mean master key "K" and index "I" pairs?
> Currently, it crashes if it can't get the certificate or private key.
Not so bad. It should exit violently. Just with explicit texzt.
> I'll set things up so it will create the cookie key file if it can't
> read it. That's easy to change.
Why do you need a cookie file? I would think those should never be
stored. Ever.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190307/34145de8/attachment.bin>
More information about the devel
mailing list