Re: Phase2 patch v2

From: Volker Braun <volker braun physik hu-berlin de>
To: networkmanager-list gnome org
Subject: Re: Phase2 patch v2
Date: Tue, 30 Jan 2007 05:31:04 +0000 (UTC)

On Mon, 29 Jan 2007 22:48:08 -0500, Dan Williams wrote:
>> Another great feature for NetworkManager would be if it would pop up a
>> warning if something is not safe.
> I'm not really convinced :)  I don't think we should make this thing a
> nagging popup, even something that can be turned off.

Yes, true. popups suck... As you said, the config dialog could
give some feedback, like a broken lock vs. closed lock icon
to indicate that the network is insecure or that there is at least a
minimum of security. I think only WPAx enterprise is really secure, so
maybe more gradations are needed.

> I also assert that if you've got a WPA-TLS network that's misconfigured,
> you've got more problems than a warning dialog, your admin should be
> shot. 

True, but I was more thinking of the user not entering ca_cert. From
wpa_supplicant.conf: "If ca_cert and ca_path are not included, server
certificate will not be verified. This is insecure and a trusted CA
certificate should always be configured when using EAP-TLS/TTLS/PEAP.".
Though that example would be moot if ca_cert and ca_cert2 would
automatically point to the distribution's root certificate file. I guess
that if the network configuration dialog makes sure that you can't shoot
yourself in the foot then WPAx enterprise is always secure.

Volker

Follow-Ups:
- Re: Phase2 patch v2
  - From: Dan Williams

References:
- Phase2 patch v2
  - From: Volker Braun
- Re: Phase2 patch v2
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]