Re: Phase2 patch v2
- From: Volker Braun <volker braun physik hu-berlin de>
- To: networkmanager-list gnome org
- Subject: Re: Phase2 patch v2
- Date: Tue, 30 Jan 2007 05:31:04 +0000 (UTC)
On Mon, 29 Jan 2007 22:48:08 -0500, Dan Williams wrote:
>> Another great feature for NetworkManager would be if it would pop up a
>> warning if something is not safe.
> I'm not really convinced :) I don't think we should make this thing a
> nagging popup, even something that can be turned off.
Yes, true. popups suck... As you said, the config dialog could
give some feedback, like a broken lock vs. closed lock icon
to indicate that the network is insecure or that there is at least a
minimum of security. I think only WPAx enterprise is really secure, so
maybe more gradations are needed.
> I also assert that if you've got a WPA-TLS network that's misconfigured,
> you've got more problems than a warning dialog, your admin should be
> shot.
True, but I was more thinking of the user not entering ca_cert. From
wpa_supplicant.conf: "If ca_cert and ca_path are not included, server
certificate will not be verified. This is insecure and a trusted CA
certificate should always be configured when using EAP-TLS/TTLS/PEAP.".
Though that example would be moot if ca_cert and ca_cert2 would
automatically point to the distribution's root certificate file. I guess
that if the network configuration dialog makes sure that you can't shoot
yourself in the foot then WPAx enterprise is always secure.
Volker
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]