[ntp:questions] Is there something with greater detail on "interface" besides the manpage?

Harlan Stenn stenn at ntp.org
Wed Nov 20 23:42:23 UTC 2013


David Woolley writes:
> On 20/11/13 03:34, Harlan Stenn wrote:
> 
> >
> > We use certificates generated and signed by CAcert.org .  Their class 1
> > and class 3 certificates are not included by default in many places yet.
> >
> > You probably just need to install these certificates:
> >
> >   https://www.cacert.org/index.php?id=3
> 
> Only after clearing it with your IT department.  Whilst CACert may well 
> be less risky than some of the more obscure ones trusted by Windows, 
> more security conscious IT departments may well disable many of the 
> default Windows ones.
> 
> >
> > I thought there was a note to this effect on the website but I'm not
> > finding that now.
> 
> Telling people to reduce security without explaining the security 
> implications is a bad idea.

Where am I telling folks to reduce security?

> Most end users will go for convenience, rather than make a proper,
> informed, decision.  (Every new root certificate increases the number
> of sites you trust and therefore reduces your security.)

Getting a certificate from an entity that alraedy has them in the
browsers costs money.  There was one place that didn't charge, and there
were some other issues (that I don't recall offhand) that prevented us
from converting to them.

If this is a significant deal to enough folks, they can always donate $
to NTF and we can pay for these other certs.
-- 
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!


More information about the questions mailing list