Changes between Version 25 and Version 26 of MunichHackathon2013


Ignore:
Timestamp:
11/16/13 10:53:28 (11 years ago)
Author:
Gert Döring
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • MunichHackathon2013

    v25 v26  
    104104   * what to do about zealots that will not accept closed license?  are we in a risk of forking the project?  can we **do** anything about it, if we accept the need to have an iOS client?  (cron2 says "no")
    105105   * separate openvpn 3 into "core" (dual-licensed, with CLA) and "users of the core" (GPLed, like platform-specific for non-apple platforms, authentication related, crypto library interfaces, etc.)?  "**that sounds like a plan (and it sends the right signals to the community etc)**" :-) - more work is needed to make good APIs for that
     106   * mattock: timeline for releasing a git repo of 3?  james: "I'll publish a git repo in the next few weeks", it's a good time, the code has been fairly quietly recently
     107
     108* plan for the technical development of 2.4 and 3?
     109   * "we will have 2.x around for quite a while, at least for the server"
     110   * 3 will eventually be "a general client", and we might remove "client-only bits" from 2.x
     111   * move over to 3 will take a while...
     112   * dazo: linux, network manager, talking to openvpn 3 as a client would be a great thing - james: that's what the 3 core is good at, being API driven
     113   * james: openvpn 3 is really meant to be used as a library, not so much as a command line client (even if it exists)
     114   * 2.4: d12fk: the interactive service should be in.  It's being shipped in the Astaro UTM provided client for a while, and works good for IPv4 routes today, but some bits are still being added (DNS, winbind, IPv6, ...)
     115   * 2.4: dual stack cleanup (plaisthos)
     116      * behaviour about as openvpn 3 does regarding talk to dual-stack servers
     117      * well-tested in the android client, still needs review
     118      * as a side note: socket.c in 3 replaced by boost ASIO library "which is brilliant and bug free"
     119   * 2.4: handshake crypto parameters?
     120      * "what is the best way to go there"?
     121      * we have TLS handshaking - use that to define data-link cipher?
     122      * reason for independent TLS and data layer crypto: SSL library might not expose symmetric crypto algorithms that are used for SSL/TLS handshake inside the library
     123      * client pushes list of supported ciphers+hmac digest, server picks, pushes back?
     124      * GOAL: reduce extent of incompatibilities in config file settings ("1000 clients that use MD5 and you want to switch to SHA2 on the server side")
     125      * for //compression// handshake: client sends "flags" (IV_LZO=1, IV_SNAPPY=1, ...) in the TLS control channel (at authentication phase), server decides via mgmt interface or client-connect script