Discussion about Cancel-Lock support

Russ Allbery eagle at eyrie.org
Sun Sep 19 20:28:21 UTC 2021


Julien ÉLIE <julien at trigofacile.com> writes:

> Having 4 parameters may appear to be a bad idea (though I initially had it
> in mind).  Your suggestion of only 2 makes it clearer I think. During key
> rotation, both hashes are sent and verified.  Simply.

> cancels {
>     canlockuser: [ password anotherpassword ]
>     canlockadmin: [ adminpassword anotheradminpassword ]
> }

> seems simpler over all.

Yeah, I agree.  Unless there's a strong reason to not send the hash for
the key being retired (and I'm not seeing one), I think the above is
simpler.

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list