[ntp:hackers] Autokey weedwack
David L. Mills
mills at udel.edu
Tue Dec 25 04:19:40 UTC 2007
Brian,
The libopts features were implemented against my advice.
The problem is that it must be easy to update the certificate valid
period without affecting the downstream identity files previously
distributed. The first few times ntp-keygen is run, different options
might be required to generate these files. To update the certificate no
options are required.
Dave
Brian Utterback wrote:
> David L. Mills wrote:
>
>> documentation HTML pages have been rewriten. The source code
>> documentation has for ntp_crypto.c and ntp-keygen.c has been revised.
>> Disregard the ntp-keygen program on-line options display and man
>> page, which are largely irrelevant and erroneous in places.
>> Especially do not use the configuration file save/restore feature,
>> which is highly dangerous relative to the way the options are
>> designed to be used and could result in unintended update of
>> previously downloaded keys. The ntp-keygen and authentication options
>> pages have details and examples.
>>
>
>
> If the save and load features of libopts are toxic for ntp-keygen,
> then those options should just
> be disabled.
>
> Brian Utterback
More information about the hackers
mailing list