Yo Richard! On Sun, 31 Mar 2019 21:06:25 -0500 Richard Laager via devel <devel@ntpsec.org> wrote:
> On 3/31/19 8:58 PM, Gary E. Miller via devel wrote:
> > Yo Richard!
> >
> > On Sun, 31 Mar 2019 18:47:35 -0500
> > Richard Laager via devel <devel@ntpsec.org> wrote:
> >
> >> This option would allow Gary's scenario to validate, without
> >> needing to trust that root system-wide. He would presumably then
> >> eliminate "noval" from that configuration line.
> >
> > Failing to match a root CA in the local cert is only one of many
> > ways that a cert can fail to validate. Before noval can be removed
> > there must be a workaround for all of them.
>
> I don't know how I can be more clear about this. I'm suggesting that
> you, individually, would remove "noval" from one particular NTS
> association once we have "root" or "ca" to fix validation in that
> scenario. I am not suggesting the "noval" option be removed from ntpd.
If wishes were dreams then beggars would ride. We may, or may not, ever
have the "root" or "ca" options per server. Personally, I find them
more confusing than helpful.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgppbCrLRBDgW.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
