Re: Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)

From: Jack Spaar <jspaar users sourceforge net>
To: networkmanager-list gnome org
Subject: Re: Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)
Date: Mon, 26 Feb 2007 08:06:04 +0000 (UTC)

On Sat, 2007-02-24 at 08:10 -0500, Dan Williams wrote:
> On Fri, 2007-02-23 at 23:24 +0000, Jack Spaar wrote:
> > [*snipped*]
> > Any thoughts on whether this is useful/appropriate/realistic ? It
> > seems at least the "Start a VPN automatically" is within easy reach.
> 
> I believe you're right, and this is a good idea.  How UI bits get done
> depend on how you look at it.  Should there be a picker in the setup UI
> for a _connection_ that says "always use this VPN", or should the VPN
> setup bits have a picker for "when this connection is made, start me"?
> 
> 
Thanks for the response Dan.  I hadn't looked at it from the VPN-side
picker angle.

Agonizing out loud for a bit: since my use case is many connections but
only one VPN, I still view the VPN-to-connection relation as a property of
the connection instead of the other way around.  A VPN-side picker has the
advantage of not requiring the user to decide at "connect to other
network" (connection creation) time that a VPN will be used.  And has
minimal impact on existing UI. Instead once I'm connected to an AP, I
could select a VPN connection just as I would now, but have an optional
"start me whenever this connection is made" checkbox at that point.

Either way, that thought experiment makes wish for an editable connection
properties dialog box.

> If this option was checked, we'd probably want to suppress the
> connection state signals until the VPN connection was successful (like I
> think you suggest), just to avoid inadvertent leakage.

Exactly.  I *never* want Evolution to broadcast unencrypted POP
credentials by auto-checking mail while the VPN isn't up.  In pipe-dream
land I'd love to be able to hand a gconf-locked-down laptop to a non-tech
roadwarrior and know they'd always be network-safe.  But for now
auto-starting the VPN while suppressing the connection state signal until
the VPN is up is a useful step forward.

> I don't think it would be all that hard, actually.  But remember, doing
> stuff must not impede a "Just Works" default, and I think it's fairly
> easy to make sure that tying a VPN to a connection would not do so.
> 
> 
Fair enough.  I'll take that as: "Patches welcome" % "Just Works". ;)

--Jack

References:
- Singe DES encryption should be enabled
  - From: =?iso-8859-1?q?Olaf=20Telsh=F6rner?=
- Re: Singe DES encryption should be enabled
  - From: Dan Williams
- Re: Singe DES encryption should be enabled
  - From: Jon Nettleton
- Re: Singe DES encryption should be enabled
  - From: Jon Nettleton
- Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)
  - From: Jack Spaar
- Re: Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]