On Tue, Sep 11, 2012 at 12:49:09PM +0200, Nico Golde wrote:
> Hi,
> * Ask Bjørn Hansen <a...@ntppool.org> [2012-09-11 01:01]:
> > On Sep 10, 2012, at 15:07, Kurt Roeckx <k...@roeckx.be> wrote:
> > [...]
> > > So my understanding of things is that even if we also had
> > > a way to distribute all the public keys, you still can't
> > > get it to work as you need to provide each client with
> > > a secret key.
> > >
> > > I think what first needs to be done is have an autokey
> > > implementation that either doesn't need a private key for
> > > each client but is secure or doesn't need state on the
> > > server side for each client.
> >
> > Indeed; I thought ntpd had a public key encryption scheme where we just
> > need the secret key on the server[1] and the public key can be general
> > for all Debian users. (I think that's the 'autokey' scheme -- the
> > "trustedkey/requestkey" stuff is where you share a secret between client
> > and server).
>
> That was my understanding as well. At least the documentation states:
> "key pairs are used where establishing shared secrets is difficult. The
> autokey mechanism uses key pairs.".

So after reading some more, I think the only option we have is
using the IFF identity scheme. But I seem to be failing in
getting it working.


Kurt