[It's been quite recently.] I was thinking about certificates ...
I think we can implement pinning with the current code.

We need a script to fetch the certificate, follow the chain to see which root certificate it is using, find that certificate in the local root cert collection, and copy it to a safe place. Then adjust ntp.conf to include
  ca <safe place>
ntpd will use that cert to verify the chain.

We need another script to verify/update things. Maybe they are the same script with different options.

Does that sound right?

Is anybody familiar enough with the OpenSSL utilities to write that script?

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
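One way the fetch, find-root, copy and verify steps described in the message could be scripted with the OpenSSL command-line tools. This is an added example, not part of the original message and not NTPsec code. It assumes OpenSSL 1.1.0 or later and a root collection stored as one PEM certificate per file; every function name and path is hypothetical.

```shell
#!/bin/sh
# Added example, not NTPsec code. Assumes OpenSSL 1.1.0+ (for -no-CApath) and
# a root collection with one PEM certificate per file. Names are hypothetical.

# fetch_chain HOST PORT OUT: save the PEM certificates the server presents.
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null |
        awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' >"$3"
    [ -s "$3" ]
}

# anchors CHAIN CAFILE: succeed only if the leaf (first certificate in CHAIN)
# verifies with CAFILE as the sole trust anchor; system roots are not consulted.
anchors() {
    openssl verify -no-CApath -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# find_root CHAIN ROOTDIR: print the file in ROOTDIR that anchors CHAIN.
find_root() {
    for cand in "$2"/*; do
        [ -f "$cand" ] || continue
        # Skip bundles: a file holding every root would match any chain.
        [ "$(grep -c 'BEGIN CERTIFICATE' "$cand")" = 1 ] || continue
        if anchors "$1" "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# pin_root CHAIN ROOTDIR PIN: the first run copies the matching root to PIN.
# Later runs return 0 while CHAIN still verifies against PIN and 2 once it
# does not; returns 1 if no local root anchors the chain.
pin_root() {
    if [ -f "$3" ]; then
        anchors "$1" "$3" || return 2
        return 0
    fi
    root=$(find_root "$1" "$2") || return 1
    cp "$root" "$3" && chmod 444 "$3"
}

# Typical use (host, port and paths are placeholders):
#   fetch_chain "$host" "$port" /tmp/chain.pem &&
#   pin_root /tmp/chain.pem /etc/ssl/certs /path/to/pinned-root.pem
```

A return value of 2 from `pin_root` means the server no longer chains to the pinned root, which is the case the verify/update pass has to surface for a human decision instead of silently re-pinning.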