NTS Wildcard Certificates

Hal Murray hmurray at megapathdsl.net
Mon Nov 18 06:59:52 UTC 2019

rlaager at wiktel.com said:
> Does commit 74308fa20545ae1b34708ec06e38ea244dda7c54 disable the use of
> wildcard certificates for NTS? If so, why was that done? 

Looks that way.  No specific reason.  I was just cleaning up and tightning 
things down.  It seems like it would make things slightly more secure.  The 
bad guy who wants to play MITM now has to break into your time server.  
Breaking into one of its friends isn't good enough.

What did I break?  What's the use case for using wildcards?  How often are 
they used?

Do we want to just remove that line, or add a config file option to set or 
not-set it?

These are my opinions.  I hate spam.

More information about the devel mailing list