Garrett, That's why the identity schemes are provided. See the Autokey protocol on the NTP project pageand links from there. See http://www.eecis.udel.edu/~mills/proto.html.
While it is assumed the trusted host has both the trusted (self-signed) certificate and identity keys and a secure way to retrieve the encrypted keys, it is possible in printiple, just like a conventional CA, to infiltrate a legitimate CA and assume its identity. Dave Garrett Wollman wrote: > In article <[EMAIL PROTECTED]>, > Steve Kostecke <[EMAIL PROTECTED]> wrote: > > >>There is no Central Scrutinizer who decrees whether or not a server is >>"authentic" or "trusted". >> >>The entity generating the host parameters marks them as trusted by using >>the '-T' switch during the generation process. > > > It is not up to the server operator whether clients should believe > some random self-signed "certificate" proffered by a server (or > someone masquerading as a server). > > -GAWollman > _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
