Currently the server DUID is hard-coded, so all instances of enftun will present the same DUID. This reuse definitely violates the intent and spirit of the DUID concept, although it might not cause any actual issues.
There are a couple of options to consider to be more "compliant":
- Generate the DUID randomly each time enftun starts up. I like that this approach is stateless, but not that the DUID will change on each boot (which is not necessary).
- Generate the DUID randomly on the first time enftun starts up and store it for future reuse. This approach requires storing state.
Since we already store the TLS credentials anyway, storing another file with the DUID seems fine.
If for some reason the file can't be read (or written), then fall back to regenerating a new DUID, like case 1.
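A sketch of the second option with its fallback to the first, added here as an example and not taken from enftun's code. The function names, the `duid.bin` path and the DUID format (DUID-UUID, type 4 from RFC 6355, wrapping a random version-4 UUID) are assumptions; the issue does not say which DUID type enftun uses.

```c
#include <stdio.h>
#include <string.h>

#define DUID_LEN 18 /* assumed format: 2-byte type + 16-byte UUID (RFC 6355) */
enum duid_source { DUID_LOADED, DUID_CREATED, DUID_EPHEMERAL, DUID_ERROR };

/* Option 1: fresh random DUID-UUID from the kernel CSPRNG. Returns 0 on success. */
static int duid_generate(unsigned char out[DUID_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out + 2, 1, 16, f);
    fclose(f);
    if (n != 16) return -1;
    out[0] = 0x00; out[1] = 0x04;       /* DUID type 4 (DUID-UUID) */
    out[8] = (out[8] & 0x0f) | 0x40;    /* UUID version 4 (random) */
    out[10] = (out[10] & 0x3f) | 0x80;  /* RFC 4122 variant bits */
    return 0;
}

/* Option 2: reuse the stored DUID; on any read or write failure behave like option 1. */
enum duid_source duid_load_or_create(const char *path, unsigned char out[DUID_LEN])
{
    unsigned char buf[DUID_LEN + 1]; /* one spare byte to detect oversized files */
    FILE *f = fopen(path, "rb");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        /* Accept only an exact-length file carrying the expected type field. */
        if (n == DUID_LEN && buf[0] == 0x00 && buf[1] == 0x04) {
            memcpy(out, buf, DUID_LEN);
            return DUID_LOADED;
        }
    }
    if (duid_generate(out) != 0) return DUID_ERROR;
    f = fopen(path, "wb");
    if (f) {
        size_t n = fwrite(out, 1, DUID_LEN, f);
        if (fclose(f) == 0 && n == DUID_LEN) return DUID_CREATED;
        remove(path); /* do not leave a truncated file for the next start */
    }
    return DUID_EPHEMERAL; /* usable now, but will change on the next start */
}

int main(void)
{
    unsigned char d[DUID_LEN];
    return duid_load_or_create("duid.bin", d) == DUID_ERROR; /* constructed path */
}
```

Returning `DUID_EPHEMERAL` separately from `DUID_CREATED` lets the caller log that the DUID could not be persisted, so an unwritable state directory shows up as a warning rather than as a silently changing identifier.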