Is it time to drop seccomp?

Hal Murray hmurray at megapathdsl.net
Wed Feb 13 05:52:22 UTC 2019


> sycomp = seccomp?

Yup.  But you dropped an s from my syscomp.


> I don't.  How many system calls is crypto going to use, though? Isn't it all
> integer arithmetic and file I/O? 

I don't expect troubles from the crypto.  It's the TCP/TLS that I'm suspicious 
of.  TLS 1.3 has lots of stuff in man pages that I don't understand about 
reusing connections.  I'm pretty sure the idea is to avoid round trips when 
(re)starting a connection.  It sounds like something that is likely to do 
obscure things and be hard to test.

I like the strace idea.  Why don't you collect some data, write the code to 
process it, and compare the results with our code?  It would be interesting to 
see how many unused slots we have.

Plan B is to do it the old way.  Maybe it won't be as bad as I'm suggesting.  
Are you willing to give it a try?  I assume you are going to help test NTS 
anyway.  Do you have a certificate handy?  If not, I can write a (very) quick 
HOWTO.



-- 
These are my opinions.  I hate spam.
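
An added example, not part of the original message and not the project's code: one way to do the strace comparison proposed above, reporting allowlist entries that never appeared in a trace ("unused slots") and traced calls the filter would reject. The strace lines and the ALLOWLIST set are constructed for illustration; they are assumptions, not the project's real seccomp list.

```python
import re
from collections import Counter

# Syscall name at the start of an strace line, after an optional "[pid N]" or
# bare pid (strace -f) and an optional timestamp (strace -t / -tt / -ttt).
SYSCALL_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
    r'(?:\d+(?::\d+:\d+)?(?:\.\d+)?\s+)?'
    r'([a-z_][a-z0-9_]*)\(')

def observed_syscalls(strace_text):
    """Count syscalls by name. "<... x resumed>" lines do not match, so a call
    split by -f is counted once (on its "<unfinished ...>" line); signal
    ("--- SIG...") and exit ("+++ ...") lines are skipped."""
    counts = Counter()
    for line in strace_text.splitlines():
        m = SYSCALL_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts

def compare(allowlist, counts):
    """unused: allowed but never seen; missing: seen but not allowed."""
    seen = set(counts)
    return {"unused": sorted(allowlist - seen),
            "missing": sorted(seen - allowlist)}

# Constructed sample of "strace -f" output around a TLS connection setup.
SAMPLE_STRACE = r"""
[pid  4242] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
[pid  4242] connect(5, {sa_family=AF_INET, ...}, 16) = 0
[pid  4242] getrandom("\x1f"..., 32, 0) = 32
[pid  4242] write(5, "\x16\x03\x01"..., 517) = 517
[pid  4242] read(5,  <unfinished ...>
[pid  4241] clock_gettime(CLOCK_REALTIME, {tv_sec=1, tv_nsec=0}) = 0
[pid  4242] <... read resumed> "\x16\x03\x03"..., 5) = 5
[pid  4242] close(5) = 0
--- SIGCHLD {si_signo=SIGCHLD, ...} ---
+++ exited with 0 +++
"""

# Hypothetical allowlist; the real one would be extracted from the source.
ALLOWLIST = {"read", "write", "close", "clock_gettime", "socket",
             "sendto", "recvfrom", "select", "adjtimex"}

if __name__ == "__main__":
    report = compare(ALLOWLIST, observed_syscalls(SAMPLE_STRACE))
    print("unused slots:", report["unused"])
    print("would be blocked:", report["missing"])
```

A trace only covers the code paths that were exercised, so an "unused" entry may still be needed on a path the test run never reached.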




