On Mon, Sep 10, 2012 at 02:06:52PM -0700, Ask Bjørn Hansen wrote:
> Hi Kurt,
>
> Of course you are right. DNSSEC will help a different use case.
>
> That leaves us the first problem of the keys having to be secret which is
> impossible if "random servers" are hosting them.
>
> If the Debian project had a set of servers with autokey configured that
> should be used for ntp.debian.org or auth.debian.pool.ntp.org or some such
> then we could setup the NTP Pool system to do the monitoring and DNS for
> those.
I'm not sure Debian wants to run ntp.debian.org. We would need to ask people to donate resources for that, and the pool project already exists for that. We do internally run autokey between *.debian.org hosts, but that's not for other people to query.

I don't really understand autokey. But from reading things I understand there are 4 authentication schemes and 5 identity schemes, and it works in groups, and clients would need to have secret keys that belong to the same group. So my understanding of things is that even if we also had a way to distribute all the public keys, you still can't get it to work, as you need to provide each client with a secret key.

I think what first needs to be done is have an autokey implementation that either doesn't need a private key for each client but is secure, or doesn't need state on the server side for each client. If you want to drop state for each client in the server, I think that's going to require the client to send its public key for each query. In any case, I think this is going to significantly increase bandwidth and CPU usage on the servers.

Kurt

-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org