[ntp:questions] IFF identity scheme on an intermediate server

David Mills mills at udel.edu
Mon May 11 21:16:27 UTC 2009


Steve,

Thanks for the chime. Just to clarify, the client parameters are included 
in the server keys, so the "intermediate server" does not need the 
client parameters file.

Dave

Steve Kostecke wrote:

>"Bartholome, Alain" said:
>
>>I am confused with your client/server definition.
>>(I copied the iffpar file to the "intermediate server", it is OK).
>>
>>I would like to have an example of use of the iff server key file.
>
>The IFF Identity Scheme uses two files. For the NTP Development releases
>these files are:
>
>IFFkey - this is the server's private key. It _never_ leaves the server
>
>IFFpar - this is the server's public key. It is distributed to all
>members of this server's Trust Group
>
>Each member of a Trust Group based on the IFF Identity Scheme needs to
>have the Trust Group server's IFFpar file in addition to its own host
>parameters (e.g. RSA-MD5cert and RSAkey).
>
>You have two Trust Groups:
>
>1. Server: "TH" Members: "intermediate"
>
>2. Server: "intermediate" Members: "client"
>
>In your case the intermediate server is both a member of the upstream
>Trust Group (the TH is that Trust Group's server) _and_ it is the server
>for the Trust Group which includes the client.
>
>So, the intermediate system will have:
>
>1. Its own host parameters:
>	ntpkey_RSA-MD5cert_intermediate.nonce
>	ntpkey_RSAkey_intermediate.nonce
>
>2. Its own IFFkey: ntpkey_IFFkey_intermediate.nonce
>
>3. The IFFpar file from the "TH" : ntpkey_IFFpar_trustedhost.nonce
>
>Plus the usual sym-links.
>
>The intermediate system gives its ntpkey_IFFkey_intermediate.nonce file
>to the client.
>