What's left to doo on NTS

Hal Murray hmurray at megapathdsl.net
Mon Mar 4 09:58:23 UTC 2019


Gary said:
>> Otherwise, either do full validation or don't bother with NTS
>> at all. Pinning counts as full validation.

> I'd be happy if we had per host pinning instead of "noval". 

How is per-host pinning normally implemented?

We have the option to use a local file of trusted/root certificates.  Can you 
easily get one per host to put in there?


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list