Re: Getting ready for a release, wildcards

2022-05-02 Thread countkase--- via devel
On Thursday, April 21, 2022, 09:20:06 AM PDT, Matt Selsky wrote: > Hi James, > > I'm not sure if you're being serious or not with the "nah" :) > > The potential mac truncation seems serious. I'm not sure about the other 2 > issues. > > Let me know what you think. 1254 temporarily resolved

Re: Getting ready for a release, wildcards

2022-04-25 Thread Hal Murray via devel
Thanks again for your helpful comments. On the cert documentation ... What is our target audience? Admins who already know about certificates or newbies who are getting a certificate for the first time? (This was my first.) Is there a certificates-for-newbies document we can reference? If

Re: Getting ready for a release, wildcards

2022-04-23 Thread Richard Laager via devel
On 4/22/22 02:08, Hal Murray wrote: +1 to NOT making this a knob. Would you please say more. It would be invisible unless you go looking for it. Are you against unnecessary knobs in general? Yes. If I had pushed this code a month or 3 ago when we weren't discussing a release or

Re: Getting ready for a release, wildcards

2022-04-22 Thread Hal Murray via devel
> +1 to NOT making this a knob. Would you please say more. It would be invisible unless you go looking for it. Are you against unnecessary knobs in general? If I had pushed this code a month or 3 ago when we weren't discussing a release or wildcards, would you have spoken up against it? I

Re: Getting ready for a release, wildcards

2022-04-22 Thread countkase--- via devel
On Thursday, April 21, 2022, 09:20:06 AM PDT, Matt Selsky wrote: > Hi James, > > I'm not sure if you're being serious or not with the "nah" :) > > The potential mac truncation seems serious. I'm not sure about the other 2 > issues. > > Let me know what you think. Serious on all three and hey

Re: Getting ready for a release, wildcards

2022-04-22 Thread Matt Selsky via devel
Hi James, I'm not sure if you're being serious or not with the "nah" :) The potential mac truncation seems serious. I'm not sure about the other 2 issues. Let me know what you think. Thanks, -Matt

Re: Getting ready for a release, wildcards

2022-04-21 Thread Richard Laager via devel
unless someone asks for this to be a knob. Thanks, -Matt From: Hal Murray Sent: Wednesday, April 20, 2022 2:12 PM To: Matt Selsky Cc: devel@ntpsec.org ; Hal Murray Subject: Re: Getting ready for a release, wildcards [The mail system is in sloth mode again.] matthew.sel.

Re: Getting ready for a release, wildcards

2022-04-21 Thread Hal Murray via devel
Richard Laager said: > Sure, that's all true. But, I'm not sure why you felt the need to mention > this. That is how everything works. In general, it's not even guaranteed > that a TLS-speaking daemon knows its own (external) hostname. It obviously > can't know what is in the client's trust

Re: Getting ready for a release, wildcards

2022-04-21 Thread James Browning via devel
On Apr 20, 2022 7:50 AM, Matt Selsky via devel wrote: Hi Hal, I don't think we should have a knob for disabling wildcards. This is not the sort of knob that operators expect (what other software provides such a knob?) and we're just adding another code path to test. Are there any other

Re: Getting ready for a release, wildcards

2022-04-21 Thread Hal Murray via devel
> I would rather not add knobs unless someone asks for this to be a knob. Nobody outside is ever going to ask for this knob. It's a grubby detail. Only geeks know that the concept exists. I want this knob so I/we can experiment. -- These are my opinions. I hate spam.

Re: Getting ready for a release, wildcards

2022-04-21 Thread Richard Laager via devel
On 4/19/22 17:01, Hal Murray via devel wrote: One is to update the nts cert documentation to say that it doesn't do any checking on the certificate. - Present the certificate in _file_ as our certificate. + Present the certificate (chain) in _file_ as our certificate. + + + Note that there

Re: Getting ready for a release, wildcards

2022-04-21 Thread Matt Selsky via devel
___ From: Hal Murray Sent: Wednesday, April 20, 2022 2:12 PM To: Matt Selsky Cc: devel@ntpsec.org ; Hal Murray Subject: Re: Getting ready for a release, wildcards [The mail system is in sloth mode again.] matthew.sel...@twosigma.com said: > I don't think we should have a knob

Re: Getting ready for a release, wildcards

2022-04-21 Thread Hal Murray via devel
[The mail system is in sloth mode again.] matthew.sel...@twosigma.com said: > I don't think we should have a knob for disabling wildcards. This is not the > sort of knob that operators expect (what other software provides such a > knob?) and we're just adding another code path to test. I'll be

Re: Getting ready for a release, wildcards

2022-04-20 Thread Matt Selsky via devel
Hi Hal, I don't think we should have a knob for disabling wildcards. This is not the sort of knob that operators expect (what other software provides such a knob?) and we're just adding another code path to test. Are there any other release blockers? If not, I'll update the NEWS for the

Getting ready for a release, wildcards

2022-04-20 Thread Hal Murray via devel
I just pushed 2 tweaks. One is to update the nts cert documentation to say that it doesn't do any checking on the certificate. The other is a hack patch to aes_siv.c to suppress deprecated warnings from OpenSSL 3. Is anybody (else) using OpenSSL 3? It's trivial on FreeBSD. Just install