Docs we will need
Richard Laager
rlaager at wiktel.com
Mon Feb 4 17:02:48 UTC 2019
On 2/3/19 5:48 PM, Hal Murray wrote:
> [getting started]
>> How do certificates make this more complicated?
>
> Checking certificates depends on time.
>
> It may be a non problem if your system has a RTC/TOY clock. But they break.
> Raspberry Pis don't have them, ...
Right. We are going to eventually need behaviors (and possibly config
flags) to control whether the system prefers getting time initially or
staying 100% secure with certificate validation.
That said, on a Pi, if you write the time to a file on shutdown, then
you will be accurate enough for certificate checks to pass on reboots
and outages shorter than a couple months.
--
Richard
More information about the devel
mailing list