Re: NTS off the ground - time for testing

2019-02-22 Thread Hal Murray via devel
gha...@gmail.com said:
> I have a server running ntpsec git head, in the pool. It has a valid SSL
> certificate. I would like to turn on NTS, etc, and see what happens.

One thing that nobody has tried/checked yet...

If the secret key file for your certificate needs a password, ntpd may have

Re: NTS off the ground - time for testing

2019-02-22 Thread Hal Murray via devel
gha...@gmail.com said:
> I have a server running ntpsec git head, in the pool. It has a valid SSL
> certificate. I would like to turn on NTS, etc, and see what happens.

Looks like you are debugging the documentation as well as the code.

Eric: Should we have a simple man page on how to set up t

Re: NTS off the ground - time for testing

2019-02-22 Thread Sanjeev Gupta via devel
On Wed, Feb 20, 2019 at 2:04 PM Hal Murray via devel wrote:
>
> Testing. Get it up and running in your local environment. If you have a real
> certificate and are willing to support some testing traffic, tell me/us the
> host name and/or send us the root certificate.
>
I have a server runn

Re: NTS off the ground - time for testing

2019-02-20 Thread Hal Murray via devel
dfoxfra...@gmail.com said:
>> The K and I used to encrypt cookies is a hack constant so old
>> cookies work over server reboots.
> I assume this is temporary while you work on this code, right? Obviously if K
> is a hardcoded constant you have no security.

Right. Total hack to allow debugging

Re: NTS off the ground - time for testing

2019-02-20 Thread Richard Laager via devel
On 2/20/19 7:26 AM, Hal Murray via devel wrote:
> For non public IP Addresses (aka behind a NAT box) you can use self signed
> certificates.

In that scenario, you can still use Let's Encrypt. Use the DNS challenge method. The Let's Encrypt client (on the NTS-KE server) uses nsupdate (or similar)

Re: NTS off the ground - time for testing

2019-02-20 Thread Daniel Franke via devel
On Wed, Feb 20, 2019 at 12:48 AM Hal Murray via devel wrote:
> The K and I used to encrypt cookies is a hack constant so old cookies work
> over server reboots.

I assume this is temporary while you work on this code, right? Obviously if K is a hardcoded constant you have no security.

> With the

Re: NTS off the ground - time for testing

2019-02-20 Thread Hal Murray via devel
> If I have a real certificate, I don't know it.

You have one on any web server that supports https. I don't know where it lives. Probably someplace in apache land.

Gary says it's easy to get them via Let's Encrypt. Their web page says you need to control the domain. Gary said you only need a

Re: NTS off the ground - time for testing

2019-02-20 Thread Eric S. Raymond via devel
Hal Murray :
> > Excellent. What's the next thing you need from me?
>
> Testing. Get it up and running in your local environment. If you have a real
> certificate and are willing to support some testing traffic, tell me/us the
> host name and/or send us the root certificate.

If I have a r

Re: NTS off the ground - time for testing

2019-02-19 Thread Hal Murray via devel
> Excellent. What's the next thing you need from me?

Testing. Get it up and running in your local environment. If you have a real certificate and are willing to support some testing traffic, tell me/us the host name and/or send us the root certificate.

If you want to write code, we need to s

Re: NTS off the ground - time for testing

2019-02-19 Thread Eric S. Raymond via devel
Hal Murray via devel :
>
> The server side needs a cookie and private key.
>
> The K and I used to encrypt cookies is a hack constant so old cookies work
> over server reboots.
>
> The client side defaults to using the system root certificates. You can
> provide your own.
>
> With the NTS fl

NTS off the ground - time for testing

2019-02-19 Thread Hal Murray via devel
The server side needs a cookie and private key.

The K and I used to encrypt cookies is a hack constant so old cookies work over server reboots.

The client side defaults to using the system root certificates. You can provide your own.

With the NTS flag, the client side tries NTS-KE, and drop