On 3/31/19 5:07 AM, Achim Gratz via devel wrote: > So yes, injecting the trust anchor(s) to use for a specific set of > NTS-KE would be the easier option.
How about this: 1) Add a root=file (or dir?) option. This overrides the allowed roots for that association. Only the root(s) in that file are allowed for that association, regardless of what is normally on the system. So this can be used to restrict (sort of like pinning, but only for roots), but assuming we implement pinning, it would be mainly intended to allow a particular root that is not trusted generally. This option would allow Gary's scenario to validate, without needing to trust that root system-wide. He would presumably then eliminate "noval" from that configuration line. 2) If we want more, implement some form of pinning. As the intention of pinning is to further restrict the trust anchors, this would be in addition to normal validation, not instead of it. The pinning options would be mutually exclusive of "noval" to keep the implementation straightforward and to help prevent people from shooting themselves in the foot. -- Richard _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
