What's left to doo on NTS
Gary E. Miller
gem at rellim.com
Mon Mar 4 21:49:39 UTC 2019
Yo Daniel!
On Mon, 4 Mar 2019 16:32:33 -0500
Daniel Franke <dfoxfranke at gmail.com> wrote:
> On Mon, Mar 4, 2019 at 4:28 PM Gary E. Miller via devel
> <devel at ntpsec.org> wrote:
> > The name in ntp.conf MUST match the name in the cert. Unless you
> > override it ("noval", pin, etc.).
> >
> > > The normal getaddrinfo and friends automatically follow CNAMEs.
> > > Thus my comment about needing some DNS code.
> >
> > Which opens a big fat back door.
>
> Whatever CNAMEs the DNS hands you, you should follow; the default
> behavior of getaddrinfo is fine. Just match the name in the cert
> against what's in ntp.conf and not against anything else.
+1
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190304/f167d3d5/attachment.bin>
More information about the devel
mailing list