Manual resend to all participants due to wrong sender address of original email.
Hi, Check PR #145[1] on GH. Kind regards Noel [1] https://github.com/strongswan/strongswan/pull/145 Am 30.08.19 um 10:07 schrieb Tobias Brunner: > Hi Harald, > >> Do you think it would be possible to dynamically change the input >> form, depending upon whether its x509, PSK, smartcard or eap? The >> current static design is the confusing part. > I guess so. If somebody wants to do it, patches are welcome. > >> I am not asking you to lower it. But the admin managing the PSKs >> on his high-end VPN gateway on the peer doesn't know about this >> restriction in strongswan. How would you like to address this? > That strong secrets are enforced is already mentioned on the NM wiki > page [1]. I guess we could add the actual minimum length. Or what did > you have in mind? > >> Surely I understand that PSKs should be avoided in favor of server >> certificate and EAP, but its hard for me to close a valid Debian bug >> report about n-m-s, telling the user to drop PSKs and to try EAP >> instead. Maybe it would help to officially set the PSK feature in >> n-m-s to "deprecated"? > I've no problem with that. Something like adding "(deprecated)" to the > "Pre-shared key" entry of the authentication method drop-down field? > > Regards, > Tobias > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager -- Noel Kuntze IT security consultant GPG Key ID: 0x0739AD6C Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
signature.asc
Description: OpenPGP digital signature
