hmurray at megapathdsl.net
Mon Jan 13 03:52:22 UTC 2020
The current simple setup of something like
server ntp.example.com nts
depends on the OS root server collection.
Suppose you don't trust all those CAs. What can you do?
One option is to extract the appropriate certificate from the installed root
server ntp.example.com nts ca <cert-file-here>
That means the bad guys have to compromise a particular CA rather than any one
in the collection.
Does anybody know how to do that? It's probably slightly different on every
Is there a better approach?
These are my opinions. I hate spam.
More information about the devel