[ntp:questions] IFF identity scheme on an intermediate server
kostecke at ntp.org
Mon May 11 17:40:43 UTC 2009
"Bartholome, Alain" said:
>I am confused with your client/server definition.
>(I copied the iffpar file to the "intermediate server", it is OK).
>II would like to have an example of use of the iff server key file.
The IFF Identity Scheme uses two files. For the NTP Development releases
these files are:
IFFkey - this is the server's private key. It _never_ leaves the server
IFFpar - this is the server's public key. It is distributed to all
members of this server's Trust Group
Each member of a Trust Group based on the IFF Identity Scheme needs to
have the Trust Group server's IFFpar file in addition to its own host
parameters (e.g. RSA-MD5cert and RSAkey).
You have two Trust Groups:
1. Server: "TH" Members: "intermediate"
2. Server: "intermediate" Members: "client"
In your case the intermediate server is both a member of the upstream
Trust Group (the TH is that Trust Group's server) _and_ it is the server
for for the Trust Group which includes the client.
So, the intermediate system will have:
1. Its own host parameters:
2. Its own IFFkey: ntpkey_IFFkey_intermediate.nonce
3. The IFFpar file from the "TH" : ntpkey_IFFpar_trustedhost.nonce
Plus the usual sym-links.
The intermediate system gives its ntpkey_IFFkey_intermediate.nonce file
to the client.
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project http://support.ntp.org/
Public Key at http://support.ntp.org/Users/SteveKostecke
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the questions