On 18.08.23 21:22, Jason Long wrote:
1- In the round-robin mechanism, we can use the same keys for our
servers, but each client uses its own key.
You *can* do that, yes.
Since you apparently don't provide clients with a CRL or any other means
to have server certs revoked, I guess it doesn'
On Fri, Aug 18, 2023 at 7:51 PM, Jochen Bern
wrote: On 18.08.23 16:31, Jason Long wrote:
> 1- So, if we have multiple servers, then it is >better that the servers
> have the same key, but each client has its >own key. Am I right?
>No.
>I said that *if* you want your clients to be able >to
On 18.08.23 16:31, Jason Long wrote:
1- So, if we have multiple servers, then it is better that the servers
have the same key, but each client has its own key. Am I right?
No.
I said that *if* you want your clients to be able to replace one server
with another dynamically, it may be a vali
On Thu, Aug 17, 2023 at 5:32 PM, Jochen Bern
wrote: >On 17.08.23 14:12, Jason Long wrote:
> It is even better if each server has its own >separate keys.
>You didn't mention setting up multiple servers >yet IIRC, but yes, same
>best practice there ... in principle.
>However, if you plan to ins
