Release Meeting Minutes/2013-07-09
Will Fiveash, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Tom Yu
- (to Nathaniel) think we're done. Maybe one more thing.
Simo proposes negative cache for service principals in GSS.
- There's a long 30-second timeout on ssh if the target doesn't support GSS.
- It was making ~120 queries. Domain walk. Multiple KDC lookups etc.
- Firefox falls back on NTLM. Each img does a new GSS attempt. Long timeouts.
Maybe negative cache should have a short timeout? a few seconds?
- Not more than 5 seconds.
- Probably won't be able to do this in time for 1.12.
- Red Hat might be interested in process-backed ccache.
Some discussion about strategies -- doors, dbus, etc. Some challenges with things like sudo.
- Might find someone at Red Hat to do it.
- GSS/NTLM. Can't use MIT crypto; used OpenSSL instead. Not exported. No Unicode support.
- Why OpenSSL and not NSS?
- Needed MD4.