Yo Hal!

On Thu, 03 Sep 2020 00:14:52 -0700
Hal Murray <hmur...@megapathdsl.net> wrote:

> Thanks.
>
> Gary said:
> > It is not happening, just a request. It seems to raise its hand
> > every few weeks.
>
> I was trying to ask how/where/what you were hearing/seeing such
> requests? Mailing list? usenet? at the local pub?

This mailing list, the IETF NTP WG, and #ntpsec.

> > The idea is that you want NTP on a bunch of servers, but only want
> > your private keys on a very secure server. Otherwise you have to
> > manage TPM on every server, which is a PITA.
>
> Seems like a reasonable request. If you have a bunch of NTP servers,
> do you want to add a single point of failure?

Uh? Nothing in the request says that.

> Is anybody seriously interested, or is this just discussing corner
> cases?

They seemed like serious requests, but I'll not take the time to be
their proxy.

> I haven't worked with TPM. How well does it work with OpenSSL?

Pretty seamless. It is just another place to store keys and run crypto
algos.

I thought my new Ryzen motherboard would do TPM, but it is known buggy
with Linux. The Asus TPM module is $12, so when it works, the masses
can use TPM.

> Would our code have to change or do they magically cooperate without
> any help from our code?

My guess is no. When openssl asks the kernel to handle keys,
randomness, and crypto algos, the kernel decides to use TPM, emulate
TPM, or just do the traditional.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel