On 2/3/19 5:48 PM, Hal Murray wrote: > [getting started] >> How do certificates make this more complicated? > > Checking certificates depends on time. > > It may be a non problem if your system has a RTC/TOY clock. But they break. > Raspberry Pis don't have them, ...
Right. We are going to eventually need behaviors (and possibly config flags) to control whether the system prefers getting time initially or staying 100% secure with certificate validation. That said, on a Pi, if you write the time to a file on shutdown, then you will be accurate enough for certificate checks to pass on reboots and outages shorter than a couple months. -- Richard _______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
