NTS client configuration support has landed
Hal Murray
hmurray at megapathdsl.net
Sat Feb 2 10:53:18 UTC 2019
Eric said:
> Can we toss out these cipher config options in favor of a mechanism that
> *discovers* what the available cipher are and does the right thing?
I believe that
server ntp.example.com nts
should work in many/most cases.
We'll have to provide sensible defaults for all of the options.
We need to setup a mechanism to review the defaults occasionally. Maybe with
each release. Maybe on Mark's birthday. The idea is to track progress in the
crypto community. If the default today is to allow TLS 1.2, sometime we
should bump the min up to 1.3. Yes, that means breaking backwards
compatibility. Lots of warning...
--
These are my opinions. I hate spam.
More information about the devel
mailing list