Yo Eric! On Sat, 2 Mar 2019 11:36:03 -0500 "Eric S. Raymond" <e...@thyrsus.com> wrote:
> Gary E. Miller via devel <devel@ntpsec.org>:
> > The way Mark explained it to me, you want one NTS-KE per aisle, or
> > per rack. That limits the number of servers, with keys, that need
> > to be protected.
>
> I now think this plan is a mistake and that Hal did the right thing by
> building key service into ntpd itself.
The opinion that counts is that of Cisco. Anyone asked them?
> If you don't trust that your LAN is secured enough to do that, you
> can't trust it enough to pass NTS-KE traffic over it either.
Not the LAN, your containers.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpAldRhDiQiS.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
