Re: Release, wildcards, etc
On Apr 20, 2022 07:30, Matt Selsky via devel wrote:Hi Hal, I'd like to get https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 merged and then do the release. Is there anything else that we want in the release?Yes, but in the interest of helping get it out on this calendar the rest of my merge requests can wait. Joining the NTPsec group at GitLab would be nice.___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
[Mail to devel has about a 10 hour delay.] Sorry for not providing more context on my first try. > "nts nowildcards" changes the default from wildcards allowed to not allowed. > server blah, blah "nowildcards" turns off wildcards for this slot > server blah, blah "wildcardsOK" allows wildcards for this slot > wildcardsOK has priority over either/both nowildcards The context was testing my knob patch. I said there were only 8 cases to test. That's from 8 combinations of 3 flags. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
> Sorry, I'm not following what you mean here. Do you have a patch or merge > request that I can look at? I should be able to explain it. In the config file: "nts nowildcards" changes the default from wildcards allowed to not allowed. server blah, blah "nowildcards" turns off wildcards for this slot server blah, blah "wildcardsOK" allows wildcards for this slot wildcardsOK has priority over either/both nowildcards If that doesn't work, I'll send a patch. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
On Fri, Apr 22, 2022 at 12:13:25AM -0700, Hal Murray via devel wrote: > nts nowildcards at the top level to set the default > nowildcards at the server level > wildcardsOK at the server level to override the default Hi Hal, Sorry, I'm not following what you mean here. Do you have a patch or merge request that I can look at? Thanks, -Matt ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
Richard Laager said: > 8 cases? I thought it was one setting, which would be 2 cases. > Can you expand upon what you're actually proposing? Ideally as a merge > request, but at least explain the knobs here. nts nowildcards at the top level to set the default nowildcards at the server level wildcardsOK at the server level to override the default -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
On 4/21/22 03:17, Hal Murray via devel wrote: There are 8 cases. I think I tested them all. If it will make you happy, I'll test again, being careful to check all 8 cases. 8 cases? I thought it was one setting, which would be 2 cases. Can you expand upon what you're actually proposing? Ideally as a merge request, but at least explain the knobs here. -- Richard ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
[Eric: There are a couple of preceding messages to devel in the mail someplace.] > I'd like to get https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 merged > and then do the release. > Is there anything else that we want in the release? I'm sorry that we have gotten off on the wrong foot (feet?). I'll try to review and maybe fill in a few blanks. It's time for a release in general. Fixing the wildcard bug is a good excuse to do it now. There is no rush or deadline. You are putting me in an awkward position by asking me to approve your patch when I want to do something else. I think your fix will do what you want. I haven't actually tested it. You have a simple fix for the wildcards. I have a more complicated one, with knobs that you don't like. If it wasn't for tangling with your fix, I would have just pushed this code. I'm not sure why you don't like my knobs. Several possibilities: 1) more code to test. There are 8 cases. I think I tested them all. If it will make you happy, I'll test again, being careful to check all 8 cases. 2) it's useless clutter I'd like to experiment with it. Other than general clutter, I can't think of any reason not to include my knobs. 3) you want to get the release out soon and don't want to think about knobs. As far as I know, there is no rush on the release. I'll help more with testing if my knobs are in. 4) others? I can't think of anything else that needs to go into this release. I have some code that adds another line to the (already noisy) client side logging for the KE exchange to display the SAN:DNS list from the certificate. I think it should go in, but I'll wait until after the release if you prefer. We should scan the issues and merge requests. (James has several that we have all been negligent about approving or providing feedback.) -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release, wildcards, etc
Hi Hal, I'd like to get https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 merged and then do the release. Is there anything else that we want in the release? Thanks, -Matt ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Release, wildcards, etc
> Sigh. I should get up to speed onmn crypto and certificates. I doubt I can > do it fast enough to be useful on this one, though. Service Names in TLS https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/ It's 24 pages with the usual amount of boiler plate so only half of that is serious reading. To get in the right mind set, you should watch a few of Moxie Marlinspike's talks. He's a good speaker. DEF CON 17 - Moxie Marlinspike - More Tricks for Defeating SSL https://www.youtube.com/watch?v=5dhSN9aEljg 48 minutes -- hacking SSL DEF CON 18 - Moxie Marlinspike - Changing Threats To Privacy: From TIA to Google https://www.youtube.com/watch?v=DoeNbZlxfUM 43 minutes -- Privacy DEF CON 19 - Moxie Marlinspike - SSL And The Future Of Authenticity https://www.youtube.com/watch?v=UawS3_iuHoA 46 minutes -- trusting CAs -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel