Gary E. Miller via devel <devel@ntpsec.org>:
> > > The way Mark explained it to me, you want one NTS-KE per aisle, or
> > > per rack.  That limits the number of servers, with keys, that need
> > > to be protected.  
> > 
> > I now think this plan is a mistake and that Hal did the right thing by
> > building key service into ntpd itself.
> 
> The opinion that counts is that of Cisco.  Anyone asked them?

It hasn't come up. I get the impression their requirements list is not
that fine-grained.

> > If you don't trust that your LAN is secured enough to do that, you
> > can't trust it enough to pass NTS-KE traffic over it either.
> 
> Not the LAN, your containers.

I don't understand that.
-- 
                Eric S. Raymond <http://www.catb.org/~esr/>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.

