[ntp:questions] Is there something with greater detail on "interface" besides the manpage?
Harlan Stenn
stenn at ntp.org
Wed Nov 20 23:42:23 UTC 2013
David Woolley writes:
> On 20/11/13 03:34, Harlan Stenn wrote:
>
> >
> > We use certificates generated and signed by CAcert.org . Their class 1
> > and class 3 certificates are not included by default in many places yet.
> >
> > You probably just need to install these certificates:
> >
> > https://www.cacert.org/index.php?id=3
>
> Only after clearing it with your IT department. Whilst CACert may well
> be less risky than some of the more obscure ones trusted by Windows,
> more security conscious IT departments may well disable many of the
> default Windows ones.
>
> >
> > I thought there was a note to this effect on the website but I'm not
> > finding that now.
>
> Telling people to reduce security without explaining the security
> implications is a bad idea.
Where am I telling folks to reduce security?
> Most end users will go for convenience, rather than make a proper,
> informed, decision. (Every new root certificate increases the number
> of sites you trust and therefore reduces your security.)
Getting a certificate from an entity that alraedy has them in the
browsers costs money. There was one place that didn't charge, and there
were some other issues (that I don't recall offhand) that prevented us
from converting to them.
If this is a significant deal to enough folks, they can always donate $
to NTF and we can pay for these other certs.
--
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!
More information about the questions
mailing list