Yo Hal!

On Sun, 17 Nov 2019 22:59:52 -0800
Hal Murray via devel <devel@ntpsec.org> wrote:

> rlaa...@wiktel.com said:
> > Does commit 74308fa20545ae1b34708ec06e38ea244dda7c54 disable the
> > use of wildcard certificates for NTS? If so, why was that done?
>
> > Looks that way. Not good.
>
> What did I break? What's the use case for using wildcards? How
> often are they used?

Wild card certs are pretty common for cloud deployments and large
companies.

If you are running in the cloud then you have no idea what your hostname
and IP will be before you start a cloud instance. So you use a wildcard.

You do not use a Let's Encrypt cert because "real companies" buy "real"
certs. Partly because your Google rank improves the longer your cert
expiration is. Partly because updating a large number of certs every
80 days is a PITA.

"real" certs take time to get, and are expensive per host. So you plan
ahead and get a wild card cert. Which is also cheaper if you have a lot
of hosts, and easy to deploy.

> Do we want to just remove that line, or add a config file option to
> set or not-set it?

I would say another config option. Both for client and server.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel