Hal Murray via devel writes: > Gary said: >> It is missing key rotation. Also how to share keys between standalone NTS-KE >> and NTPD. > > Why do we need a standalone NTS-KE server?
Because you only want one NTS-KE per any number of ntpd on a large fleet of hardware (think a warehouse full of compute racks) and of course the NTP pool servers will not work with NTS any other way. > I don't understand that use case. Without checking the certificate, > you have no real security. Ack. Plus you can set up so that the validation never leaves the local network if that's a requirement. I didn't say "easily" because I've not yet tried, but in any case you shouldn't shut off validation, but rather configure the path it takes. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf rackAttack V1.04R1: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
