Docs we will need

Richard Laager rlaager at wiktel.com
Mon Feb 4 17:02:48 UTC 2019


On 2/3/19 5:48 PM, Hal Murray wrote:
> [getting started]
>> How do certificates make this more complicated?
> 
> Checking certificates depends on time.
> 
> It may be a non problem if your system has a RTC/TOY clock.  But they break.  
> Raspberry Pis don't have them, ...

Right. We are going to eventually need behaviors (and possibly config
flags) to control whether the system prefers getting time initially or
staying 100% secure with certificate validation.

That said, on a Pi, if you write the time to a file on shutdown, then
you will be accurate enough for certificate checks to pass on reboots
and outages shorter than a couple months.

-- 
Richard


More information about the devel mailing list