Yo Hal! On Sat, 02 Feb 2019 02:53:18 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> Eric said:
> > Can we toss out these cipher config options in favor of a mechanism
> > that *discovers* what the available cipher are and does the right
> > thing?
>
> I believe that
> server ntp.example.com nts
> should work in many/most cases.
Yes.
> We'll have to provide sensible defaults for all of the options.
Yes.
> We need to setup a mechanism to review the defaults occasionally.
yes.
> Maybe with each release. Maybe on Mark's birthday. The idea is to
> track progress in the crypto community. If the default today is to
> allow TLS 1.2, sometime we should bump the min up to 1.3. Yes, that
> means breaking backwards compatibility. Lots of warning...
Or not. The history of crypto emergencies is long.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpN5Nl3EPJiX.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
