NTS client configuration support has landed
Gary E. Miller
gem at rellim.com
Sat Feb 2 21:22:18 UTC 2019
Yo Hal!
On Sat, 02 Feb 2019 02:53:18 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> Eric said:
> > Can we toss out these cipher config options in favor of a mechanism
> > that *discovers* what the available cipher are and does the right
> > thing?
>
> I believe that
> server ntp.example.com nts
> should work in many/most cases.
Yes.
> We'll have to provide sensible defaults for all of the options.
Yes.
> We need to setup a mechanism to review the defaults occasionally.
yes.
> Maybe with each release. Maybe on Mark's birthday. The idea is to
> track progress in the crypto community. If the default today is to
> allow TLS 1.2, sometime we should bump the min up to 1.3. Yes, that
> means breaking backwards compatibility. Lots of warning...
Or not. The history of crypto emergencies is long.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/29b3c4b0/attachment.bin>
More information about the devel
mailing list