On 3/31/19 8:58 PM, Gary E. Miller via devel wrote: > Yo Richard! > > On Sun, 31 Mar 2019 18:47:35 -0500 > Richard Laager via devel <devel@ntpsec.org> wrote: > >> This option would allow Gary's scenario to validate, without needing >> to trust that root system-wide. He would presumably then eliminate >> "noval" from that configuration line. > > Failing to match a root CA in the local cert is only one of many ways > that a cert can fail to validate. Before noval can be removed there > must be a workaround for all of them.
I don't know how I can be more clear about this. I'm suggesting that you, individually, would remove "noval" from one particular NTS association once we have "root" or "ca" to fix validation in that scenario. I am not suggesting the "noval" option be removed from ntpd. -- Richard
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
