> What still needs to be done to fully land this feature? Key rotation?
> Anything else?

I've been collecting major items in devel/TODO-NTS

Mostly, it needs testing and probably an overview level documentation. Something high level rather than the details of how to configure it. Maybe a HOWTO too.

We have to decide how paranoid we want to be about security. The sort of things that are good for debugging enable operation in insecure modes. For example, the "noval" option on certificates. Maybe we should have a configure time option.

There are lots of small/cleanup items. I don't have a list handy.

The NTS doc is still a draft, aka moving target, so we need to be prepared to make incompatible changes.

We need to go through the doc and find all the MUST and SHOULD items and verify that we do them or put them on an exception list.

-----------

I assume your "key rotation" includes saving keys to disk for recovery after restart.

msyslog needs to be thread safe. One way to do that is to make sure each line is written as a single call to write. That's somewhat complicated since the same message goes to various combinations of 3 places: syslog, log file, console/stdout.

A problem in this area is that we would like things to keep working if it crashes within msyslog. A simple lock would hang when we tried to print the crash message. I think POSIX locks have an option for threads to be able to lock again.

--
These are my opinions. I hate spam.
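
The locking approach discussed in the message above, as an added example (not part of the original message and not NTPsec's msyslog code): each line is formatted first and sent with a single write() per sink, under a mutex of type PTHREAD_MUTEX_RECURSIVE so the thread that already owns the lock can enter again. The names log_init, log_line and log_reentrant_demo are hypothetical, and plain file descriptors stand in for the sinks.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for PTHREAD_MUTEX_RECURSIVE */
#endif
#include <pthread.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

static pthread_mutex_t log_lock;
/* Recursive type: the thread that owns the lock may lock it again. */
int log_init(void) {
    pthread_mutexattr_t attr;
    if (pthread_mutexattr_init(&attr) != 0) return -1;
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
    int rc = pthread_mutex_init(&log_lock, &attr);
    pthread_mutexattr_destroy(&attr);
    return rc;
}

/* Format the full line, then one write() per sink; returns sinks written. */
int log_line(const int *fds, int nfds, const char *fmt, ...) {
    char buf[512];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    if (n > (int)sizeof(buf) - 2) n = (int)sizeof(buf) - 2;  /* truncated */
    buf[n++] = '\n';
    int ok = 0;
    pthread_mutex_lock(&log_lock);
    for (int i = 0; i < nfds; i++)
        if (write(fds[i], buf, (size_t)n) == n) ok++;
    pthread_mutex_unlock(&log_lock);
    return ok;
}

/* Stand-in for a fault while the lock is held: the report re-enters log_line(). */
int log_reentrant_demo(const int *fds, int nfds) {
    pthread_mutex_lock(&log_lock);
    int ok = log_line(fds, nfds, "fault while holding the log lock");
    pthread_mutex_unlock(&log_lock);
    return ok;
}

int main(void) {
    int fds[2] = { STDOUT_FILENO, STDERR_FILENO };  /* stand-ins for the sinks */
    return (log_init() == 0 && log_reentrant_demo(fds, 2) == 2) ? 0 : 1;
}
```

With the default mutex type, the nested lock in log_reentrant_demo would block forever, which is the hang the message describes.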