On Sun, 2007-01-28 at 22:49 +0000, Volker Braun wrote: > http://carrot.hep.upenn.edu/~vbraun/phase2-v2.patch > > Now doesn't break libnm-util abi. > > I also added GTC to the phase2 choices as Grant suggested, so PEAP+GTC > should be possible. I'm wondering if anybody uses it, though. Certainly not > with a "Generic Token Card" as originally intended? Although I'm sure > somebody out there abuses it with a static password. Probably a very bad > idea, http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol > says: "EAP-GTC does not protect the authentication data in any way."
Patch looks great, thanks! I'll drop it in as soon as the applet split goes through. > Another great feature for NetworkManager would be if it would pop up a > warning if something is not safe. For example, before connecting to an > unencrypted network or, say, WPA-TLS without ca_cert warn about a > possible man-in-the-middle attack. I'm not really convinced :) I don't think we should make this thing a nagging popup, even something that can be turned off. I have a feeling that we should simply emphasize the unsecured aspect of unencrypted wireless networks more in a negative light, or emphasize secured ones more in a positive light. But I don't think we want to have a popup every time you connect to an unsecured or WEP network. I also assert that if you've got a WPA-TLS network that's misconfigured, you've got more problems than a warning dialog, your admin should be shot. You can't set up a WPA[2] Enterprise network without a RADIUS server and you certainly can't do it with commodity hardware. However, we could make the config dialog yell at you; but we shouldn't do a popup at connect time. Those types of things just get annoying enough that you just check the "don't tell me again" checkbox without reading it, just like Firefox and self-signed SSL certificates. Anyway, thanks for the patch! Dan _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
