Yo Hal! On Sat, 02 Mar 2019 22:45:05 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> Gary said:
> >> Which ones do you intend to relax? And in any case you don't need a
> >> whole CA, you can pin a self-signed cert and still do full
> >> validation on it.
> > Except we can't. The current NTPsec code does not support any cert
> > fanciness.
>
> For some value of "any" or "fancy".
Good we agree. Too early to be fancy, but soon we must.
> You can provide a list of trusted certificates. That's how I've been
> testing with self signed certs.
Many people dont bother to finish the whole self signed process.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpqfIe_zJMwa.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
