Hal Murray via devel <devel@ntpsec.org>:
> Eric said:
> > Trying to change that by breaking out a separate NTS-KE server would
> > introduce a lot of complexity when we could achieve the same result by
> > pointing the ntpd instances at a common key on a fileshare.
>
> That adds the fileshare to the security tangle and probably complicates the
> startup dance.
True, but you have to set that against the additional complexity of having
another program to deploy and manage.
We're going to pay in complexity either way. I think the route you've
implicitly chosen is better.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
