NTS client configuration support has landed

Hal Murray hmurray at megapathdsl.net
Sat Feb 2 09:12:16 UTC 2019


> The only way to avoid this would be for me to go out of my way to create
> distinct grammar branches for *each declaration type*. 

If you ever do that, don't forget to merge in the fudge stuff.

--------

[Specifying nonsense options, like refid for a server.]
> Considering that we're talking a quarter century of road miles...well, I'm
> going to want to actually *see* a bug report like that before I incur the
> complexity cost to prevent it. 

We could fix that by checking for silly options at your fancy copy-over stage.

--------

>> My gut feel is that 'nts' can not be part of
>> the 'pool' as then a casual attacker can break the system.
> You might be right, but I'm not going to design on the assumption that you
> are because the payoff matrix is too asymmetrical. 

Just because the current pool is untrustworthy doesn't mean that somebody 
couldn't run a trusted pool.

Keep in mind that pool+nts isn't well specified yet.  Do we want to get the 
info for several servers with one NTS-KE connection, or do we want to do the a 
DNS lookup to get several IP Addresses and then use separate NTS-KE 
connections with each of those addresses?



-- 
These are my opinions.  I hate spam.





More information about the devel mailing list