Alexander Scheel

Results 217 comments of Alexander Scheel

@mikelolasagasti what are your thoughts on removing this dependency?

Thanks @DanGhita!

1. Default would remain `AES-GCM` to retain backwards compatibility, IMO.
2. Yep, we've got that in this PoC, that's the `barrier_algorithm` field.
3. We have this at a...

\o Hey @DemiMarie, great to see you around OpenBao as well! Happy to review PRs for some of your other issues we didn't get to upstream. :-)

> The security...

@mikelolasagasti Right, but I'm wondering if we'd be better off removing this dependency anyways. I think we mostly considered its use as deprecated; there were a few places where we'd...

@bnevis-i Hmm, I'd move that particular thread to a new issue too if you don't mind. ;-) The short of it is that I have no idea what "SPIFFE authentication"...

@axelsimon Yes, that link is for the documentation which is contained under our `website` folder. @JanMa has already done a lot of great work on forking and updating that :-)...

\o hello @DemiMarie, sorry about the delay in getting back :-)

> Hello! It’s rather funny, considering I have never used Vault _or_ OpenBao myself, mostly since I have not...

> One last thought: in the old-school languages/approaches, we used to define a versioning byte as the first field of a structure/blob. This versioning information is useful for implementing a...

Meta has now published an I-D around the new AES GCM mode they're proposing: https://datatracker.ietf.org/doc/draft-gueron-cfrg-dndkgcm/

Just dropping some notes here. `openbao/internalshared/configutil/listener.go` describes the listener's configuration, but `openbao/internalshared/listenerutil/listener.go` handles taking the parsed config and building the underlying `*tls.Config`. This calls https://github.com/hashicorp/go-secure-stdlib/tree/main/reloadutil to handle the reloading. The...