NTS client configuration support has landed

Eric S. Raymond esr at thyrsus.com
Sat Feb 2 22:56:17 UTC 2019


Gary E. Miller via devel <devel at ntpsec.org>:
> > Can we toss out these cipher config options in favor of a mechanism
> > that *discovers* what the available cipher are and does the right
> > thing?
> 
> No.  Required for testing.  Required for crypto emergencies.  The
> history of Apache, nginx, postfix and sendmail show these options
> have been essential over the years.

Then we (a) do cipher discovery, and (b) have a server-wide option to force
the cipher for testing.  You can add it to nts.adoc.

And that will be the end of *this* discussion.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/c4d97dbe/attachment-0001.bin>


More information about the devel mailing list