What's left to doo on NTS.

[Hal Murray]

Gary said:
>> Which ones do you intend to relax? And in any case you don't need a
>> whole CA, you can pin a self-signed cert and still do full validation
>> on it.
> Except we can't.  The current NTPsec code does not support any cert
> fanciness. 

For some value of "any" or "fancy".

You can provide a list of trusted certificates.  That's how I've been testing 
with self signed certs.

-- 
These are my opinions.  I hate spam.