Wildcards on NTS certificates -- security
Hal Murray
halmurray at sonic.net
Tue Feb 22 22:39:21 UTC 2022
They don't work. See https://gitlab.com/NTPsec/ntpsec/-/issues/729
There is a single line of code that disables them.
They are less secure. But is that "less" practical or theoretical?
They are deprecated in RFC 6125
https://datatracker.ietf.org/doc/html/rfc6125#section-7.2
Should we:
  remove or comment out that line of code
  add an option to the server line to allow wildcards
  reject the bug report
  ...
Anybody have any opinions? How strong?
--
These are my opinions. I hate spam.
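
To make the trade-off in the message concrete, here is an added example, not NTPsec code and not part of the original post, of a name check with a switch for wildcards. The function name `nts_name_matches`, the `allow_wildcards` option and the example.net host names are assumptions, and the matcher is deliberately stricter than RFC 6125 requires (the wildcard must be the whole left-most label).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Number of dot-separated labels in a DNS name. */
static int label_count(const char *name) {
    int n = 1;
    for (; *name; name++)
        if (*name == '.') n++;
    return n;
}

/* host: name from the server line; pattern: one dNSName from the cert.
 * allow_wildcards: hypothetical per-server option (assumption). */
bool nts_name_matches(const char *host, const char *pattern,
                      bool allow_wildcards) {
    if (strchr(pattern, '*') == NULL)
        return strcasecmp(host, pattern) == 0;  /* exact, case-insensitive */
    if (!allow_wildcards)
        return false;                           /* strict: no wildcard certs */
    /* Wildcard must be the whole left-most label and appear only once. */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*'))
        return false;
    /* Conservative choice of this example: refuse "*.net" style patterns. */
    if (label_count(pattern + 2) < 2)
        return false;
    /* "*" covers exactly one non-empty label of the host name. */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return false;
    return strcasecmp(dot + 1, pattern + 2) == 0;
}

int main(void) {
    /* Constructed names, not taken from the issue. */
    const char *hosts[] = { "ntp1.example.net", "other.example.net",
                            "a.ntp1.example.net", "example.net" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-20s strict=%d wildcard=%d\n", hosts[i],
               nts_name_matches(hosts[i], "*.example.net", false),
               nts_name_matches(hosts[i], "*.example.net", true));
    return 0;
}
```

With the option on, one certificate and its private key are accepted for every single-label host under the domain, so the check no longer ties the key to the specific server named on the server line.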