Docs we will need
Richard Laager
rlaager at wiktel.com
Mon Feb 4 17:50:47 UTC 2019
On 2/4/19 11:37 AM, Eric S. Raymond wrote:
> Richard Laager via devel <devel at ntpsec.org>:
>> That said, on a Pi, if you write the time to a file on shutdown, then
>> you will be accurate enough for certificate checks to pass on reboots
>> and outages shorter than a couple months.
>
> Thanks, it's important to know the order of magnitude of the slack there

To expand on this a bit...

Certificate lifetimes (from public CAs) are now capped at 825 days:
https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/

So assume you get 2 years on a purchased certificate, since they sell in
year increments, with just over 2 years being the max allowed.

Let's Encrypt certificates are valid for 90 days.

My hunch is that far more NTP servers will use free certs from Let's
Encrypt than purchased certs, but I have no data to back that up.

--
Richard