Yo Richard!

On Fri, 8 Mar 2019 16:30:22 -0600
Richard Laager via devel <devel@ntpsec.org> wrote:

> On 3/8/19 3:03 PM, Gary E. Miller via devel wrote:
> >> Here's a proposal off the top of my head:
> >> 1) server private key = SYSCONFDIR/ntp/nts.key
> >> 2) server certificate = SYSCONFDIR/ntp/nts.crt
> >> 3) cookie key file = LOCALSTATEDIR/lib/ntpkeys
> >
> > I'd like an extension on #3. Maybe .conf, but I'm not picky.
>
> It doesn't really feel like a .conf to me. It's not something the user
> edits. I like "ntp.keys", but unfortunately that has a meaning and man
> page already. So maybe master.keys?

Works for me. Hal?

> > Also, the standard never talks of a cookie key, only master
> > key(s).
>
> I don't really care whether we call it a "cookie key file" or "master
> key file" or something else.

I care to reduce the vocabulary, and to make the vocabulary match the
Proposed RFC.

> I was trying to draw a distinction between NTS key/cert and NTP
> (master/cookie) key.

master.keys does that. Right?

> >> Where SYSCONFDIR would be /etc and LOCALSTATEDIR would be /var in a
> >> distro-package on Linux.
> >
> > We are sort of in a bind. If the user is supposed to edit
> > LOCALSTATEDIR/lib/ntpkeys then it is not supposed to be in the
> > LOCALSTATEDIR.
>
> The user surely is not (manually) editing the master/cookie keys file.
> The keys will be created by ntpd, so LOCALSTATEDIR is correct.

Uh, say what? How/when/where does ntpd create the master keys? I
thought those were an input. At least the initial master key(s).

> >> LOCALSTATEDIR normally defaults (in GNU [0]) to PREFIX/var and thus
> >> /usr/local/var. If you want to default it to /var/local for better
> >> FHS compliance, that would work too.
> ...
> > My general rule is to follow FHS over GNU if there is a conflict.
>
> Sure, that's reasonable. We should (and do) use the GNU/autoconf names
> for the variables (PREFIX, SYSCONFDIR, etc.) absent a good reason.
> NTPsec practice is to all caps them (PREFIX vs prefix). So that's why
> I used LOCALSTATEDIR.

Works for me. The default is reasonable, and easy for packagers to
change to their requirements.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin