What's left to do on NTS
Daniel Franke
dfoxfranke at gmail.com
Mon Mar 4 21:32:33 UTC 2019
On Mon, Mar 4, 2019 at 4:28 PM Gary E. Miller via devel
<devel at ntpsec.org> wrote:
> The name in ntp.conf MUST match the name in the cert. Unless you
> override it ("noval", pin, etc.).
>
> > The normal getaddrinfo and friends automatically follow CNAMEs.
> > Thus my comment about needing some DNS code.
>
> Which opens a big fat back door.
Whatever CNAMEs the DNS hands you, you should follow; the default
behavior of getaddrinfo is fine. Just match the name in the cert
against what's in ntp.conf and not against anything else.
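
The rule in the message above, as an added example (not part of the original e-mail and not NTPsec code): the certificate is checked against the configured name only, and the CNAME target returned by DNS is never used as the reference identity. All host names, certificate name lists and function names are constructed for illustration, and the matcher is a simplified dNSName comparison.

```python
# Added illustration, not NTPsec code. Host names and SAN lists are constructed.

def dns_name_matches(pattern: str, name: str) -> bool:
    """Compare one certificate dNSName with a reference name.
    A wildcard is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        # Require at least two literal labels after the wildcard ("*.com" is refused).
        return len(p) >= 3 and p[1:] == n[1:]
    return p == n


def cert_valid_for(reference_name, cert_dns_names):
    return any(dns_name_matches(pat, reference_name) for pat in cert_dns_names)


def accept_server(configured_name, dns_canonical_name, cert_dns_names):
    """Follow whatever DNS returns when connecting, but verify the
    certificate only against the name the operator configured."""
    del dns_canonical_name  # unauthenticated DNS output: never a reference identity
    return cert_valid_for(configured_name, cert_dns_names)


def accept_server_wrong(configured_name, dns_canonical_name, cert_dns_names):
    """Anti-pattern: treat the CNAME target as the name to verify."""
    return cert_valid_for(dns_canonical_name, cert_dns_names)


CONFIGURED = "time.example.com"  # the name as written in the config file
# Constructed case 1: CNAME to a pool host whose cert also carries the configured name.
LEGIT = ("ntp1.pool.example.net", ["time.example.com", "ntp1.pool.example.net"])
# Constructed case 2: tampered DNS answer pointing at a host whose cert is
# valid only for its own name.
FORGED = ("ntp.other.example.org", ["ntp.other.example.org"])

if __name__ == "__main__":
    for label, (canon, sans) in (("legit", LEGIT), ("forged", FORGED)):
        print(label,
              "configured-name check:", accept_server(CONFIGURED, canon, sans),
              "cname check:", accept_server_wrong(CONFIGURED, canon, sans))
```
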