On 11/18/19 12:59 AM, Hal Murray wrote:
> rlaa...@wiktel.com said:
>> Does commit 74308fa20545ae1b34708ec06e38ea244dda7c54 disable the use of
>> wildcard certificates for NTS? If so, why was that done?
>
> Looks that way. No specific reason. I was just cleaning up and tightening
> things down. It seems like it would make things slightly more secure. The
> bad guy who wants to play MITM now has to break into your time server.
> Breaking into one of its friends isn't good enough.
>
> What did I break? What's the use case for using wildcards? How often are
> they used?
I can't speak to their prevalence. One possible use case is for a cluster of
time servers. For example, that Internet exchange time cluster I volunteered
to help with (which generated the PPS splitting questions) is
time{1,2,3}.example.com for the three servers individually and
time.example.com as a round-robin. That could be handled with a
time*.example.com certificate on each.

I'm not bringing it up because of that particular case, just using that as an
example. In that particular case, my intended plan was to get a certificate
for each server with that server's name and the round-robin name, like this:
{time1,time}, {time2,time}, {time3,time}.

> Do we want to just remove that line, or add a config file option to set or
> not-set it?

Absent other information on why it should be prohibited, my personal view
would be: wildcard certificates are a normal, not obscure, feature of TLS and
ntpd should not be an outlier by arbitrarily disabling them.

-- 
Richard
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
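An added example, not ntpsec's code or anything from the thread, that checks how Richard's two certificate plans for the cluster (a single time*.example.com wildcard on every server, versus a per-server certificate carrying that host's name plus the round-robin name) hold up when a verifier accepts or refuses wildcards. The matcher is a self-written RFC 6125 style check; its acceptance of a partial-label wildcard such as "time*" is an assumption that mirrors OpenSSL's default, and stricter verifiers accept only a bare "*" label.

```python
# Added example, not ntpsec code: certificate-name matching for the thread's
# cluster, time{1,2,3}.example.com plus the round-robin name time.example.com.
# Plan A: one wildcard certificate (time*.example.com) on every server.
# Plan B: each server carries its own name plus the round-robin name.
# Wildcards only in the leftmost label and never across a dot (RFC 6125 6.4.3);
# accepting a partial label like "time*" is an assumption (OpenSSL default).
from __future__ import annotations

CLUSTER = ["time1.example.com", "time2.example.com",
           "time3.example.com", "time.example.com"]
WILDCARD_CERT = ["time*.example.com"]                 # plan A (constructed)
PER_SERVER_CERTS = {f"time{i}.example.com":           # plan B (constructed)
                    [f"time{i}.example.com", "time.example.com"] for i in (1, 2, 3)}

def _labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")

def name_matches(pattern: str, host: str, allow_wildcards: bool = True) -> bool:
    """True if certificate name `pattern` covers `host` under the policy."""
    p, h = _labels(pattern), _labels(host)
    if "*" not in pattern:
        return p == h
    # Wildcard: refuse if policy forbids it, if it sits outside the first
    # label, if there is more than one, or if it would cover a whole TLD.
    if (not allow_wildcards or p[0].count("*") != 1
            or any("*" in lbl for lbl in p[1:]) or len(p) < 3):
        return False
    if len(p) != len(h) or p[1:] != h[1:]:            # '*' never spans a dot
        return False
    prefix, suffix = p[0].split("*")
    first = h[0]
    return (len(first) >= len(prefix) + len(suffix)
            and first.startswith(prefix) and first.endswith(suffix))

def cert_covers(names: list[str], host: str, allow_wildcards: bool = True) -> bool:
    return any(name_matches(n, host, allow_wildcards) for n in names)

def evaluate_plans(allow_wildcards: bool) -> dict[str, tuple[bool, bool]]:
    """For each name a client might dial, does (plan A, plan B) verify?

    The round-robin name can land on any server, so under plan B every
    per-server certificate must carry it.
    """
    out = {}
    for host in CLUSTER:
        plan_a = cert_covers(WILDCARD_CERT, host, allow_wildcards)
        certs = ([PER_SERVER_CERTS[host]] if host in PER_SERVER_CERTS
                 else list(PER_SERVER_CERTS.values()))
        plan_b = all(cert_covers(c, host, allow_wildcards) for c in certs)
        out[host] = (plan_a, plan_b)
    return out
```

With wildcards refused, plan A stops verifying for every name in the cluster while plan B is unaffected, which is the trade-off the commit in question makes.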