On Mon, 29 Jan 2007 22:48:08 -0500, Dan Williams wrote: >> Another great feature for NetworkManager would be if it would pop up a >> warning if something is not safe. > I'm not really convinced :) I don't think we should make this thing a > nagging popup, even something that can be turned off.
Yes, true. popups suck... As you said, the config dialog could give some feedback, like a broken lock vs. closed lock icon to indicate that the network is insecure or that there is at least a minimum of security. I think only WPAx enterprise is really secure, so maybe more gradations are needed. > I also assert that if you've got a WPA-TLS network that's misconfigured, > you've got more problems than a warning dialog, your admin should be > shot. True, but I was more thinking of the user not entering ca_cert. From wpa_supplicant.conf: "If ca_cert and ca_path are not included, server certificate will not be verified. This is insecure and a trusted CA certificate should always be configured when using EAP-TLS/TTLS/PEAP.". Though that example would be moot if ca_cert and ca_cert2 would automatically point to the distribution's root certificate file. I guess that if the network configuration dialog makes sure that you can't shoot yourself in the foot then WPAx enterprise is always secure. Volker _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
