On Sat, Jan 19, 2019, 2:50 PM Richard Laager via devel <[email protected] wrote: > > neither is set: > > For a pool, behave as "nonts" (because the common pool case is a public > pool with volunteer servers that will not be able to present a valid > certificate for the pool).
Actually, I think I came up with a way to NTS enable the pool. Ask would have to create an nts subdomain with a wildcard certificate. FQDNs beginning with a number (ie 2.) return a quartet (or octet in the case of 2.) of CNAMEs for number-letter beginning FQDNs (ie 2g.). The number-letter host(s) are NTS-KE server(s) that negotiate for criteria matching a pseudo-random host in a database as *.nts.pool.ntp.org. But I could be wrong. I pretty annoyingly often am. _______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
