Gary E. Miller via devel <devel@ntpsec.org>: > The way Mark explained it to me, you want one NTS-KE per aisle, or > per rack. That limits the number of servers, with keys, that need > to be protected.
I now think this plan is a mistake and that Hal did the right thing by
building key service into ntpd itself.
Trying to change that by breaking out a separate NTS-KE server would
introduce a lot of complexity when we could achieve the same result by
pointing the ntpd instances at a common key on a fileshare.
If you don't trust that your LAN is secured enough to do that, you can't
trust it enough to pass NTS-KE traffic over it either.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
