NTS and ALPN

Gary E. Miller gem at rellim.com
Tue Aug 20 19:08:40 UTC 2019


Yo Achim!

On Tue, 20 Aug 2019 21:01:42 +0200
Achim Gratz via devel <devel at ntpsec.org> wrote:

> Gary E. Miller via devel writes:
> >> That is making things work for now where there's only one single
> >> thing to negotiate, but it will break later on.  I've posted what
> >> I believe is the correct patch quite some time ago.  
> >
> > What would break?  How?  
> 
> The callback is supposed to traverse two lists (one from the foreign
> party and an internal one) of possible protocols.

Does NTS use more than one protocol?

>  Dan's patch removed
> collapsed the internal list to a single element that is already
> stripped of its length byte,

Yes.  That was intentional.

> so it doesn't conform to the ALPN data
> structure description anymore.

Already discussed here.  Right or wrong, NTS was not compatible with
the other NTS implementations.  Dan's patch makes NTS compatible.

If all the other NTS are doing it wrong, then you need to take it up
with them.

> Consequently it also omits any code
> to traverse the internal list, both of which will come back to bite
> you when you do need to support the second protocol.

Are there any plans for that?  I don't remember hearing any.  No
need for code to implement some vague future possible change.

> The previous changes introduced by Hal also check for things that the
> API clearly states need not be checked (there is explicit guidance that
> the callback we implement can assume the syntactic structure of the
> input data is correct).

Hal had weeks to look at it.  Did he miss something?

> > Can you resend the patch?  
> 
> https://lists.ntpsec.org/pipermail/devel/2019-July/008508.html

James already sent that, I already commented.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
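The two-list traversal this thread argues about, as an added example (not part of the original message and not NTPsec's own code): an ALPN list is a run of entries, each one length byte followed by the protocol name. The sample lists, the function name alpn_select and the protocol name "ntske/2" are constructed for illustration; the bounds checks are a choice made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data. Each entry is one length byte followed by the
 * protocol name (RFC 7301). "ntske/1" is the NTS-KE ALPN ID; "ntske/2" is
 * a made-up second protocol used only to exercise the traversal. */
static const unsigned char internal_list[] = "\x07ntske/2\x07ntske/1";
static const unsigned char peer_list[]     = "\x02h2\x07ntske/1";
static const unsigned char stripped[]      = "ntske/1"; /* no length byte */

/* Walk both lists, internal preference order first. Returns a pointer into
 * `peer` and sets *outlen, or NULL on no overlap or a malformed list.
 * The bounds checks are this example's choice so it is safe on any buffer. */
const unsigned char *alpn_select(const unsigned char *own, size_t ownlen,
                                 const unsigned char *peer, size_t peerlen,
                                 unsigned char *outlen)
{
    for (size_t i = 0; i < ownlen; i += 1 + (size_t)own[i]) {
        if (own[i] == 0 || i + 1 + own[i] > ownlen)
            return NULL;                 /* malformed internal list */
        for (size_t j = 0; j < peerlen; j += 1 + (size_t)peer[j]) {
            if (peer[j] == 0 || j + 1 + peer[j] > peerlen)
                return NULL;             /* malformed peer list */
            if (peer[j] == own[i] &&
                memcmp(peer + j + 1, own + i + 1, own[i]) == 0) {
                *outlen = peer[j];
                return peer + j + 1;
            }
        }
    }
    return NULL;
}

int main(void)
{
    unsigned char n = 0;
    const unsigned char *p = alpn_select(internal_list, sizeof internal_list - 1,
                                         peer_list, sizeof peer_list - 1, &n);
    printf("selected: %.*s\n", p ? (int)n : 4, p ? (const char *)p : "none");
    /* A bare name is not a list: 'n' (0x6e) is read as a length of 110. */
    p = alpn_select(stripped, sizeof stripped - 1,
                    peer_list, sizeof peer_list - 1, &n);
    printf("stripped: %s\n", p ? "matched" : "rejected");
    return 0;
}
```

A single name with its length byte removed can only be matched by a direct compare against each peer entry; fed to a list walker like this one it is rejected as malformed.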