Hi,

* Ask Bjørn Hansen <a...@ntppool.org> [2012-09-11 01:01]:
> On Sep 10, 2012, at 15:07, Kurt Roeckx <k...@roeckx.be> wrote:
> [...]
> > So my understanding of things is that even if we also had
> > a way to distribute all the public keys, you still can't
> > get it to work as you need to provide each client with
> > a secret key.
> >
> > I think what first needs to be done is have an autokey
> > implementation that either doesn't need a private key for
> > each client but is secure or doesn't need state on the
> > server side for each client.
>
> Indeed; I thought ntpd had a public key encryption scheme where we just need
> the secret key on the server[1] and the public key can be general for all
> Debian users. (I think that's the 'autokey' scheme -- the
> "trustedkey/requestkey" stuff is where you share a secret between client and
> server).

That was my understanding as well. At least the documentation states:
"key pairs are used where establishing shared secrets is difficult. The
autokey mechanism uses key pairs.".

Cheers
Nico