What's left to doo on NTS.
Daniel Franke
dfoxfranke at gmail.com
Sat Mar 2 04:59:22 UTC 2019
Which ones do you intend to relax? And in any case you don't need a whole
CA, you can pin a self-signed cert and still do full validation on it.
On Fri, Mar 1, 2019, 23:41 Gary E. Miller via devel <devel at ntpsec.org>
wrote:
> Yo Daniel!
>
> On Fri, 1 Mar 2019 21:26:15 -0500
> Daniel Franke <dfoxfranke at gmail.com> wrote:
>
> > On Fri, Mar 1, 2019 at 7:01 PM Gary E. Miller via devel
> > <devel at ntpsec.org> wrote:
> > > "noval" is not mostly for debugging. It is essential for off
> > > network operation.
> >
> > There's no point in doing NTS if you're not doing certificate
> > validation. The result isn't any more secure than unauthenticated NTP.
>
> There is validation, and there is validation. Without some relaxation
> of the validation rules you can't run in a private net without doing
> your own CA.
>
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> gem at rellim.com Tel:+1 541 382 8588
>
> Veritas liberabit vos. -- Quid est veritas?
> "If you can’t measure it, you can’t improve it." - Lord Kelvin
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190301/5b77f832/attachment.html>
More information about the devel
mailing list