On 11/18/19 2:36 PM, Gary E. Miller via devel wrote: > I would say another config option. Both for client and server.
I don't see why we would need a config option for the server. If you don't want a wildcard cert there, don't use one. If you do, do. No need to configure. If someone wants an option to disable wildcard certs on the client, I'm not opposed, but it should default to having them enabled. Otherwise, interoperability as a client is compromised. The client would not be able to connect, by default, with e.g. "cloud deployments and large companies". -- Richard
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
