On 3/28/19 6:07 PM, Gary E. Miller via devel wrote: > Yo Richard! > > On Thu, 28 Mar 2019 17:55:36 -0500 > Richard Laager via devel <devel@ntpsec.org> wrote: > >> On 3/28/19 5:47 PM, Gary E. Miller via devel wrote: >>> Don't care. I like that the cert is pinned. >> >> There is a downside. Every time it changes, you have to take a leap of >> faith when you re-pin it, rather than getting normal CA validation. > > You miss the point, this is addition to normal CA validation, not > an alternative to it. Just like HPKP.
No, it's not. Pidgin only pops up that dialog if it can't validate the certificate. So validation has failed, and you're taking a leap of faith to accept the new certificate each time it changes. -- Richard
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel