[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Getting rid of checking certificate validity time span?


  • Subject: Re: [Openvpn-users] Getting rid of checking certificate validity time span?
  • From: Konrad Karl <kk_konrad@xxxxxx>
  • Date: Thu, 1 Mar 2007 19:12:12 +0100

On Thu, Mar 01, 2007 at 08:48:21PM +0300, Tony wrote:
> On Thu, 01 Mar 2007 20:30:22 +0300, Konrad Karl <kk_konrad@xxxxxx> wrote:
> 
> > Given that I have full control over the CA, is there any security gain  
> > if the certs have date/time based validity?
> I would rather try to install the NTP client software on all the networked  
> hosts...
> Why bother with CMOS if one can obtain the true|correct time and date  
> *AUTOMAGICALLY* ?

....given there is enough RAM/Flash space on clients and NTP server accessible...

anyways, it can fail and I want to avoid at least this one reason.


Konrad
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users