Which ones do you intend to relax? And in any case you don't need a whole CA, you can pin a self-signed cert and still do full validation on it.
On Fri, Mar 1, 2019, 23:41 Gary E. Miller via devel <devel@ntpsec.org> wrote: > Yo Daniel! > > On Fri, 1 Mar 2019 21:26:15 -0500 > Daniel Franke <dfoxfra...@gmail.com> wrote: > > > On Fri, Mar 1, 2019 at 7:01 PM Gary E. Miller via devel > > <devel@ntpsec.org> wrote: > > > "noval" is not mostly for debugging. It is essential for off > > > network operation. > > > > There's no point in doing NTS if you're not doing certificate > > validation. The result isn't any more secure than unauthenticated NTP. > > There is validation, and there is validation. Without some relaxation > of the validation rules you can't run in a private net without doing > your own CA. > > RGDS > GARY > --------------------------------------------------------------------------- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > _______________________________________________ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel >
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
