[Swan-dev] Set keyingtries to 1 for Opportunistic Encryption connections

Paul Wouters paul at nohats.ca
Thu Mar 26 16:53:39 UTC 2020


On Thu, 26 Mar 2020, Andrew Cagney wrote:

> To: D. Hugh Redelmeier <hugh at mimosa.com>
> Subject: Re: [Swan-dev] Set keyingtries to 1 for Opportunistic Encryption
>     connections
> 
> ?

It is still on my TODO list.....

There is surely a weird interplay between options and what they should
mean. Normally when we do --up it means POLICY_UP as in "always be up",
but with keyingtries != 0 that might not really be the case. I dont
know how we would denote that in the policies. I feel more and more
that keyingtries should always be 0 for non-opportunistic connections
and 1 for non-opportunistic connections.

So while not having POLICY_UP is probably the right thing to miss for
keyingtries != 0 and OE connections, I'd like to think about this a bit
more before updating the test results.

Paul


More information about the Swan-dev mailing list