[ntpsec commit] Add a definition for "proventic".

Eric S. Raymond esr at ntpsec.org
Sun Oct 18 17:23:12 UTC 2015


Module:    ntpsec
Branch:    master
Commit:    cb3ba8458144d08aa772904b9e841fa10f0e3552
Changeset: http://git.ntpsec.org/ntpsec/commit/?id=cb3ba8458144d08aa772904b9e841fa10f0e3552

Author:    Eric S. Raymond <esr at thyrsus.com>
Date:      Sun Oct 18 13:23:03 2015 -0400

Add a definition for "proventic".

---

 docs/includes/ntpkeygen-body.txt | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/docs/includes/ntpkeygen-body.txt b/docs/includes/ntpkeygen-body.txt
index 2ea11cd..96b3d35 100644
--- a/docs/includes/ntpkeygen-body.txt
+++ b/docs/includes/ntpkeygen-body.txt
@@ -112,13 +112,15 @@ message digest type supported by the OpenSSL library can be specified
 using the +-c+ option.
 
 The rules say cryptographic media should be generated with proventic
-filestamps, which means the host should already be synchronized before
-this program is run. This of course creates a chicken-and-egg problem
-when the host is started for the first time. Accordingly, the host time
-should be set by some other means, such as eyeball-and-wristwatch, at
-least so that the certificate lifetime is within the current year. After
-that and when the host is synchronized to a proventic source, the
-certificate should be re-generated.
+filestamps (that is, with file timestamps derived from a chain of
+timeservers authenticated back to Stratum 1). This means the host
+should already be synchronized before this program is run. This of
+course creates a chicken-and-egg problem when the host is started for
+the first time. Accordingly, the host time should be set by some other
+means, such as eyeball-and-wristwatch, at least so that the
+certificate lifetime is within the current year. After that and when
+the host is synchronized to a proventic source, the certificate should
+be re-generated.
 
 Additional information on trusted groups and identity schemes is on the
 link:autokey.html[Autokey Public-Key Authentication] page.



More information about the vc mailing list