[ntp:questions] NTP 4.2.4p2-RC3 Released

David Woolley david at djwhome.demon.co.uk
Sat May 26 08:00:47 UTC 2007


In article <f38bhi$l91$1 at scrotar.nss.udel.edu>,
David L. Mills <mills at udel.edu> wrote:

> my problem. I don't log into anywhere with name and password unless 
> requested by an official employer or govenment organization. 

And in that circumstance, one shouldn't login to a site with a self
signed certificate unless you have already been provided with a copy of
the certificate over a properly authenticated channel.  At the moment,
if I were to give a user and password, which I'm reluctant to do when
there is no need (I hate (B2C) commercial sites that force you to register
before they will give you full access to product information or pricing), 
I would have to assume that I was giving it to a man in the middle attacker,
and thus use throwaway values for both.




More information about the questions mailing list