Yo Eric!

On Thu, 17 Jan 2019 12:35:55 -0500 (EST)
"Eric S. Raymond via devel" <devel@ntpsec.org> wrote:

> Charlie requests a master key (and possibly initial cookies) daily
> from Delta.

Does he? Where does the Proposed RFC say that? It could just be a
one time config file entry.

> It may do so simply by looking in fixed file locations
> for the data. Is there any plausible scenario in which Charlie and
> Delta must run on different hosts?

I see Alpha and Bravo as the same location. Not Charlie and Delta.

Any and every data center will split Charlie and Delta. One NTS-KE
server per aisle and NTPD spread down the aisle. This is how Mark
initially described it to me.

Charlie may have the keys stored in a special HSM. Delta is any random
VM spun up and spun down randomly.

> I don't see any requests from Delta to Charlie. Of course we have
> polling from Alpha to Charlie and (unusually) KODs in the
> other direction.
>
>     Bravo                       Delta
>   NTS client ---------------> NTS server
>       ^                           ^
>       |                           |
>     Alpha                      Charlie
>   NTP client <--------------> NTP server

I think NTP and NTS are too vague. I'd rather see NTS-KE and NTPD.

> Does this diagram look correct?

I agree that there may be optional communication from Charlie(s) to
Delta.

Alpha and Bravo are one and the same.

Also left out is that Bravo is likely, in turn, being a Delta.

> I'm leaning towards an organization in which the NTS client code lives
> inside ntpd; this would reduce deployment friction slightly. Is there
> any scenario in which we'd want to run these pieces on different
> hosts?

I think more than just a slight improvement.

> Note: Answers by reply email will be good. Answers edited into
> nts.adoc would be even better.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin