Next release
Richard Laager
rlaager at wiktel.com
Wed Nov 20 19:11:34 UTC 2019
On 11/20/19 6:32 AM, Hal Murray via devel wrote:
> What is the long term importance of shared keys? (old authentication) Is it
> useful/important to have a backup that doesn't use OpenSSL and doesn't depend
> on certificates? (we do use their crypto library)
I don't use them, so that biases my opinion. That said, I think it
should go away at some point in favor of NTS. However, there are a
couple of concerns that I can think of:
1) Shared key authentication does not have the time-based bootstrapping
problems relating to certificate validation that NTS does. At a minimum,
we need to implement something there. I've made a proposal previously.
2) Important time services (e.g. NIST and the like) supposedly offer
shared-key time service. Unless/until they support NTS, it may not be an
alternative if people want traceability to official time.
--
Richard
More information about the devel
mailing list