@tech
this combo has been working great for me the past few days.
i have not encountered any sort of crash since doing a sysupgrade.
$ sysctl kern.version
kern.version=OpenBSD 6.9-current (GENERIC.MP) #158: Sat Jul 31 11:00:00 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile
On Tue, 2021-08-03 at 21:58 +0100, Stuart Henderson wrote:
> On 2021/08/03 22:07, Martijn van Duren wrote:
> > On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote:
> > > On 2021/06/15 17:39, Stuart Henderson wrote:
> > > > > Then again, I don't get the feeling many people use snmpd at this ti
On 2021/08/03 22:07, Martijn van Duren wrote:
> On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote:
> > On 2021/06/15 17:39, Stuart Henderson wrote:
> > > > Then again, I don't get the feeling many people use snmpd at this time
> > > > and maybe it's a good moment to bite the bullet and go f
On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote:
> On 2021/06/15 17:39, Stuart Henderson wrote:
> > > Then again, I don't get the feeling many people use snmpd at this time
> > > and maybe it's a good moment to bite the bullet and go for safest
> > > defaults possible at this time. But if
On 2021/06/15 17:39, Stuart Henderson wrote:
> > Then again, I don't get the feeling many people use snmpd at this time
> > and maybe it's a good moment to bite the bullet and go for safest
> > defaults possible at this time. But if that's the case I would like to
> > follow up with a diff to chang
On 2021/08/03 17:02, Vitaliy Makkoveev wrote:
> > - a 50% lower limit feels too low to me
> >
>
> Why? The 95% limit is too close to lifetime expiration and as it was
> exposed we don't have enough time to perform rekeying. I also had this
> problem while tested iked(8) over WIFI connection and t
On Mon, Aug 02, 2021 at 09:09:03PM -0600, Theo de Raadt wrote:
>
> I suspect the first step is to make the rekey decision be based upon the
> strength of the ciphers.
>
Do you mean the special default limits for each cipher?
On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote:
> On 2021/08/03 01:12, Vitaliy Makkoveev wrote:
> > iked(8) uses 3 hours and 512 megabytes of processed data as default
> > lifetime hard limits for Child SA. Also it sets 85-95% of these values as
> > soft limit. iked(8) should perf
On Tue, Aug 03, 2021 at 01:40:51PM +0200, Tobias Heider wrote:
> On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote:
> > On 2021/08/03 01:12, Vitaliy Makkoveev wrote:
> > > iked(8) uses 3 hours and 512 megabytes of processed data as default
> > > lifetime hard limits for Child SA. Als
Am Tue, Aug 03, 2021 at 01:40:51PM +0200 schrieb Tobias Heider:
> On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote:
> > On 2021/08/03 01:12, Vitaliy Makkoveev wrote:
> > > iked(8) uses 3 hours and 512 megabytes of processed data as default
> > > lifetime hard limits for Child SA. Al
On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote:
> On 2021/08/03 01:12, Vitaliy Makkoveev wrote:
> > iked(8) uses 3 hours and 512 megabytes of processed data as default
> > lifetime hard limits for Child SA. Also it sets 85-95% of these values as
> > soft limit. iked(8) should perf
On 2021/08/03 01:12, Vitaliy Makkoveev wrote:
> iked(8) uses 3 hours and 512 megabytes of processed data as default
> lifetime hard limits for Child SA. Also it sets 85-95% of these values as
> soft limit. iked(8) should perform rekeying before we reach hard limit
> otherwise this SA will be killed
dz...@disroot.org(dz...@disroot.org) on 2021.06.15 14:12:22 +:
> > Seems to be working as intended. You are letting someone run all binaries.
> And I am not letting someone write to the filesystem. Yet, they can
> bypass that easily. `unveil("/", "rx")` gives a false illusion of
> security, whi
13 matches
Mail list logo