[1244] in Hesiod
Re: [Hesiod] Announce: Hesutils, the Hesiod utilities
daemon@ATHENA.MIT.EDU (JFLF)
Thu Mar 18 09:46:35 2021
To: Andy Bennett <andyjpb@ashurst.eu.org>
From: JFLF <jflf-gitlab@outlook.com>
Message-ID: <HE1PR0402MB362840397BE2C6C2C7A77B6081699@HE1PR0402MB3628.eurprd04.prod.outlook.com>
Date: Thu, 18 Mar 2021 14:45:38 +0100
In-Reply-To: <7c1dfa42-4577-41d8-a53e-776dc62ec4a7@ashurst.eu.org>
Content-Language: en-US
MIME-Version: 1.0
Cc: hesiod@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: hesiod-bounces@mit.edu
Hello again Andy,
Apologies for the delay, it took me that long to write up the rest of
the documentation.
There is a lot more now, and it covers much more ground. And I have the
two example pages.
I haven't managed yet to get Google to index it (any hint is
appreciated), so for now you still need the URL:
https://gitlab.com/jflf/hesutils
Again, feedback / suggestions / mistake reports would be highly appreciated.
Thanks!
JF
On 25/02/2021 14.46, Andy Bennett wrote:
> Hi,
>
>>> It looks great.
>>> I also have a script called `hesgen` that I wrote years ago but it's
>>> nowhere near as sophisticated or well written as this one! ...
>>
>> Thank you for the kind words! I hope that you won't change your mind
>> after looking into it more closely. :)
>
> It still looks great, although I noticed that he 2 example pages don't
> seem to exist.
>
>
>> I was going to add that the MIT still have their Hesiod NS
>> (ns.athena.mit.edu) available over the internet without any security
>> of any sort. That's the reason why there's an option to block
>> requests to that NS in the Hesutils configuration file, as
>> unconfigured clients would send their requests there. But it seems to
>> have disappeared! I'm only getting a custom SOA with
>> "HESREQ.mit.edu." as the rname.
>>
>> When I started writing those scripts, about 4 years ago, that NS
>> still answered. So it seems that the changes have happened
>> comparatively recently. Does anyone know what happened? Are they
>> still using Hesiod internally, or have they decommissioned their
>> Hesiod infrastructure entirely?
>
> I had noticed that the ns.athena.mit.edu zone was still available a
> few years ago when I was thinking about GDPR stuff here in the UK.
> I hadn't noticed that it had since disappeared tho'.
> Good find!
>
>
> It strikes me that Hesiod + Kerberos are a good design that haven't
> kept up with advances in cryptography practice. ...and there are lots
> of projects which are vainly attempting to do similar things over
> https, etc. They all seem a lot more complex. It'd be nice if Hesiod &
> Kerberos were up-to-date with security and crypto practices as they
> otherwise still seem to be best-in-class approaches to the underlying
> problems.
>
>
>
>
>
>
> Best wishes,
> @ndy
>
_______________________________________________
Hesiod@mit.edu
http://mailman.mit.edu/mailman/listinfo/hesiod
