Discussion about Cancel-Lock support
Julien ÉLIE
julien at trigofacile.com
Sun Sep 19 20:20:56 UTC 2021
Hi Russ,
>> The idea behind was to send a hash only for canlock* and verify hashes
>> for both canlock* and extra* but I agree it is a bit complex and
>> confusing. During key rotation, we can still go on send both hashes,
>> and verify both hashes, then at one time remove the old password. Looks
>> like simpler indeed, with canlock* lists.
>
> Oh, I see. In that case, maybe change extracanlockuser to
> canlockverifyuser? That makes it clearer the extra user is for
> verification only.
It would then look like:
cancels {
canlockuser: [ password ]
canlockverifyuser: [ anotherpassword ]
canlockadmin: [ adminpassword ]
canlockverifyadmin: [ anotheradminpassword ]
}
I am unsure it is clear by only looking at the names of the parameters
that "canlockverifyuser" is for adding another password to verify.
Looks like naively that the canlockuser password should also be set in
canlockverifyuser so as to also be verified (and not solely used for the
initial generation).
People generally do not know how Cancel-Lock works.
Having 4 parameters may appear to be a bad idea (though I initially had
it in mind). Your suggestion of only 2 makes it clearer I think.
During key rotation, both hashes are sent and verified. Simply.
cancels {
canlockuser: [ password anotherpassword ]
canlockadmin: [ adminpassword anotheradminpassword ]
}
seems simpler over all.
--
Julien ÉLIE
« Cela n'a rien de remarquable. Il suffit d'appuyer sur la bonne touche
au bon moment et l'instrument joue tout seul. » (J.-S. Bach)
More information about the inn-workers
mailing list