Re: Phase2 patch v2

[Dan Williams <dcbw redhat com>]

On Tue, 2007-01-30 at 05:31 +0000, Volker Braun wrote:
> On Mon, 29 Jan 2007 22:48:08 -0500, Dan Williams wrote:
> >> Another great feature for NetworkManager would be if it would pop up a
> >> warning if something is not safe.
> > I'm not really convinced :)  I don't think we should make this thing a
> > nagging popup, even something that can be turned off.
> 
> Yes, true. popups suck... As you said, the config dialog could
> give some feedback, like a broken lock vs. closed lock icon
> to indicate that the network is insecure or that there is at least a
> minimum of security. I think only WPAx enterprise is really secure, so
> maybe more gradations are needed.
> 
> > I also assert that if you've got a WPA-TLS network that's misconfigured,
> > you've got more problems than a warning dialog, your admin should be
> > shot. 
> 
> True, but I was more thinking of the user not entering ca_cert. From
> wpa_supplicant.conf: "If ca_cert and ca_path are not included, server
> certificate will not be verified. This is insecure and a trusted CA
> certificate should always be configured when using EAP-TLS/TTLS/PEAP.".
> Though that example would be moot if ca_cert and ca_cert2 would
> automatically point to the distribution's root certificate file. I guess
> that if the network configuration dialog makes sure that you can't shoot
> yourself in the foot then WPAx enterprise is always secure.

Oh right; the config dialog should really hide options that don't apply,
or require options that do apply, or put up a warning when some config
may be insecure that you enter.  Then, you only get hit once.

Dan

> Volker
> 
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list