[Git][NTPsec/ntpsec][master] nts.adoc: cipher-configuration options are not needed.
Gary E. Miller
gem at rellim.com
Sat Feb 2 20:28:10 UTC 2019
Yo Eric!
On Sat, 02 Feb 2019 20:12:32 +0000
"Eric S. Raymond via vc" <vc at ntpsec.org> wrote:
>
> +To avoid having to hand-configure ciphers offered to the remote, we
> +can initially have a list of common known-good ones wired in.
> +Eventually, look into how openssl-ciphers does this and
> autoconfigure. +
> Per-server options now implemented in the config parser are now
> described in docs/includes/assoc-options.txt
>
This goes against all existing practice. Bad idea.
I suggest you look at the history of this in the Apache, nginx, portfix
and sendmail worlds to see why this is a very bad idea.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/c59a99ec/attachment.bin>
More information about the devel
mailing list