> On Mar 12, 2020, at 11:36, Miroslav Lichvar <[email protected]> wrote: > > I think that's no different from how NTP clients currently work with the > pool. If a server is removed from the pool, the clients will use it until > it's marked as a falseticker or unreachable. It doesn't matter if it was > removed from DNS or its certificate expired.
That’s true, but it’d still be nice if we could make it better than the past... :-) Having clients not trust the KE past the certificate duration would make sense to me. Or alternatively maybe NTS clients should just always redo the DNS lookup and KE every X days. (Sorry about the duplicate email earlier) Ask _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
