I agree with Arne on this one.  I’m OK with a warning, but I don’t think we 
should make it impossible.  This is where nasty forks start to show up because 
we broke something upstream (recall the day s of the lack of password-save in 
our Windows client).

Eric F Crist


> On Aug 27, 2018, at 03:10:31, Derek Zimmer <de...@ostif.org> wrote:
> 
>> That is a terrible idea. The intention is good but users will then opt
>> out of encryption because they want compression or build stacked VPNs.
> 
> That was the point of the idea though. If you want to go that far to
> go around security, you are very aware of the consequences of what
> you're doing. If we don't want to force the users hand, a big and ugly
> warning that shows up when compression + encryption is enabled may
> lead to the same end result.
> 
> In my opinion as long as the user is acutely aware of the risks and we
> make the documentation and warnings very clear, the project is as safe
> as it can be from user error driven security suicide.
> Derek Zimmer
> Chief Executive Officer
> Open Source Technology Improvement Fund
> 
> 
> On Mon, Aug 27, 2018 at 2:25 AM, Arne Schwabe <a...@rfc2549.org> wrote:
>> Am 27.08.18 um 00:55 schrieb Derek Zimmer:
>>> There's always the option of not allowing encryption to be enabled
>>> with compression enabled. This keeps things like using OpenVPN as
>>> fancy proxy working without endangering the privacy VPN use-case.
>> 
>> That is a terrible idea. The intention is good but users will then opt
>> out of encryption because they want compression or build stacked VPNs.
>> 
>> Arne
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Attachment: signature.asc
Description: Message signed with OpenPGP

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to