Benjamin M. Schwartz

Results: 125 comments by Benjamin M. Schwartz

You could try using the Secure DNS support in your platform. Most operating systems and browsers now have built-in support.

Could you share a packet capture (i.e. PCAP file) of the Intra traffic from Wireshark? Intra should be splitting the TLS ClientHello into two TCP segments, so I'm interested to...

No, this feature is not currently supported. That behavior would make access keys permanently unusable once the limit is reached, so it seems difficult for administrators to manage. Could you...

The RSA key is only generated once on server creation, and is only used by the server manager (not the client). Have you encountered a performance problem related to this...

> Is there any validation mechanism in place regarding the certificates?

Yes: see our custom fetch logic [here](https://github.com/Jigsaw-Code/outline-server/blob/5c1dbb7ab4fa5005719c5b997cbb33e3811348f9/src/server_manager/electron_app/fetch.ts#L23).

> Can the client side identify which certificate is an authentic certificate...

What existing account system integration would be useful to you? Are you asking for 2FA support beyond what's already provided through SSO with a 2FA-enabled account system? What security violations...

OK, thank you for helping us understand your use case.

If UDP is not working, most applications should detect this and fall back to TCP. One exception is DNS, but Outline has a DNS-over-TCP fallback that activates if UDP appears...

By "authority", do you mean the hosting provider or a network attacker? Is this a hard threshold (9 GB/s is fine) or a rough estimate (high usage draws attention)? What...

I think we at least need to allow all the dynamic ports (49152-65535, [RFC 6335](https://tools.ietf.org/html/rfc6335#section-6)). They're commonly used for short-lived servers, and shouldn't collide with existing semantics because they're explicitly...