What's left to doo on NTS.

Hal Murray hmurray at megapathdsl.net
Fri Mar 1 23:46:49 UTC 2019


> What still needs to be done to fully land this feature? Key rotation?
> Anything else?

I've been collecting major items in devel/TODO-NTS

Mostly, it needs testing and probably an overview level documentation.  
Something high level rather than the details of how to configure it.  Maybe a 
HOWTO too.

We have to decide how paranoid we want to be about security.  The sort of 
things that are good for debugging enable operation in insecure modes.  For 
example, the "noval" option on certificates.  Maybe we should have a configure 
time option.

There are lots of small/cleanup items.  I don't have a list handy.

The NTS doc is still a draft, aka moving target, so we need to be prepared to 
make incompatible changes.

We need to go through the doc and find all the MUST and SHOULD items and 
verify that we do them or put them on an exception list.

-----------

I assume your "key rotation" includes saving keys to disk for recovery after 
restart.

msyslog needs to be thread safe.  One way to do that is to make sure each line 
is written as a single call to write.  That's somewhat complicated since the 
same message goes to various combinations of 3 places: syslog, log file, 
console/stdout.

A problem in this area is that we would like things to keep working if it 
crashes within msyslog.  A simple lock would hang when we tried to print the 
crash message.  I think POSIX locks have an option for threads to be able to 
lock again.

-- 
These are my opinions.  I hate spam.





More information about the devel mailing list