[ntp:hackers] Autokey weedwack

David L. Mills mills at udel.edu
Tue Dec 25 04:19:40 UTC 2007


Brian,

The libopts features were implemented against my advice.

The problem is that it must be easy to update the certificate valid 
period without affecting the downstream identity files previously 
distributed. The first few times ntp-keygen is run, different options 
might be required to generate these files. To update the certificate no 
options are required.

Dave

Brian Utterback wrote:

> David L. Mills wrote:
>
>> documentation HTML pages have been rewritten. The source code
>> documentation for ntp_crypto.c and ntp-keygen.c has been revised.
>> Disregard the ntp-keygen program on-line options display and man 
>> page, which are largely irrelevant and erroneous in places. 
>> Especially do not use the configuration file save/restore feature, 
>> which is highly dangerous relative to the way the options are 
>> designed to be used and could result in unintended update of 
>> previously downloaded keys. The ntp-keygen and authentication options 
>> pages have details and examples.
>>   
>
>
> If the save and load features of libopts are toxic for ntp-keygen,
> then those options should just be disabled.
>
> Brian Utterback



