On 11/3/06, James Yonan <j...@yonan.net> wrote:
> 1. Handling privilege dropping correctly, so that client can drop
> privileges before connect.
>

Actually there is flexibility here -- the client can drop privileges
earlier by config file option, but it generally doesn't until after the
connection is established so that it can accept pushed routes from the
server -- we could fix this by using a split privilege model, but then
you have to deal with the extra complexity.

I don't like the split privilege model, since the split part always runs
as a privileged user... We don't need that; we can make use of the sudo
command to do all the stuff we need to do, and via the script interface,
which is much simpler. It is true that we have a problem with this
feature in the Windows environment, but I don't think we should support
every feature in Windows as well; Windows machines will work as now,
without changing user id.

> 3. Allow the management to perform private key operations, so that
> pre-authenticated keys can be used out of an agent, or different
> sources, such as KDE, smartcards or any other storage. (This makes 2
> obsolete).

I think it's great if you are volunteering to do this. It's an

Sure!

interesting idea, to move CryptoAPI and PKCS#11 code out of OpenVPN
executable into a library that would be used by the GUI.  My only
concern is that I don't want to make it much more difficult to write an
OpenVPN GUI.  So I'm thinking that this would be an optional capability
that GUIs could choose to implement.

True. I will leave the file based (RSA/PKCS#12) authentication inside OpenVPN,
so that GUIs that don't wish to use external devices will be able to,
but we should encourage people to use the library also for key based
files.
Please set a release target for this feature.

Best Regards,
Alon Bar-Lev.
