Re: Phase2 patch v2
- From: Dan Williams <dcbw redhat com>
- To: Volker Braun <volker braun physik hu-berlin de>
- Cc: networkmanager-list gnome org
- Subject: Re: Phase2 patch v2
- Date: Tue, 30 Jan 2007 11:56:43 -0500
On Tue, 2007-01-30 at 05:31 +0000, Volker Braun wrote:
> On Mon, 29 Jan 2007 22:48:08 -0500, Dan Williams wrote:
> >> Another great feature for NetworkManager would be if it would pop up a
> >> warning if something is not safe.
> > I'm not really convinced :) I don't think we should make this thing a
> > nagging popup, even something that can be turned off.
>
> Yes, true. popups suck... As you said, the config dialog could
> give some feedback, like a broken lock vs. closed lock icon
> to indicate that the network is insecure or that there is at least a
> minimum of security. I think only WPAx enterprise is really secure, so
> maybe more gradations are needed.
>
> > I also assert that if you've got a WPA-TLS network that's misconfigured,
> > you've got more problems than a warning dialog, your admin should be
> > shot.
>
> True, but I was more thinking of the user not entering ca_cert. From
> wpa_supplicant.conf: "If ca_cert and ca_path are not included, server
> certificate will not be verified. This is insecure and a trusted CA
> certificate should always be configured when using EAP-TLS/TTLS/PEAP.".
> Though that example would be moot if ca_cert and ca_cert2 would
> automatically point to the distribution's root certificate file. I guess
> that if the network configuration dialog makes sure that you can't shoot
> yourself in the foot then WPAx enterprise is always secure.
Oh right; the config dialog should really hide options that don't apply,
or require options that do apply, or put up a warning when some config
may be insecure that you enter. Then, you only get hit once.
Dan
> Volker
>
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]