Re: Network security manager
From: Ted Zlatanov
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 12:44:51 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Tue, 18 Nov 2014 18:36:25 +0100 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> Ted Zlatanov <address@hidden> writes:
LMI> GPG isn't feasible because nobody wants to type passwords.
>>
>> Whuhh?

LMI> Yeah?

Let me rephrase: I don't think that's accurate :)

>> Yes, it's a bother. We're talking about potentially dozens or hundreds
>> of exceptions in a large enterprise. But let's assume the `a' key is
>> large and easy to hit.
>>
>> Scenario 1: you allow a compromised server accidentally. You now can't
>> review the exception list to remove that compromise.
>>
>> Scenario 2: someone allows a compromised server on purpose in a few
>> seconds. You have no idea it happened.
>>
>> I'm sure there are other scenarios, but please don't make this a
>> write-only data store.

LMI> On the other hand, we could store the server names in plain text when we
LMI> store security exceptions to make reviews easier. That is, keep the
LMI> hash-only thing for STARTTLS man-in-the-middle tracking and the like,
LMI> but if the user registers an exception, then we'd stash the server name
LMI> in there, too.

LMI> This would avoid leaving a complete list of STARTTLS servers in that
LMI> file, but still allow easy removal of specific exceptions.

Works for me, as long as I can customize it to always store the server
name and port for all stored data.

Ted
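
The storage scheme discussed in this message, as an added sketch that is not part of the thread and not Emacs's own code: automatically tracked servers are kept under a hash only, user-registered exceptions also keep the plain host and port so they can be listed and removed, and an option stores names for everything. The class and function names, the SHA-256 identifier and the `always_store_names` option are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def endpoint_id(host: str, port: int) -> str:
    # Opaque key for a host:port pair; SHA-256 is an assumption of this sketch.
    return hashlib.sha256(f"{host}:{port}".encode()).hexdigest()

@dataclass
class Entry:
    id: str
    fingerprint: str
    exception: bool = False
    host: Optional[str] = None   # plain text only when the entry must be reviewable
    port: Optional[int] = None

class SettingsStore:
    def __init__(self, always_store_names: bool = False):
        self.always_store_names = always_store_names  # hypothetical user option
        self.entries = {}

    def record(self, host, port, fingerprint, exception=False):
        entry = Entry(endpoint_id(host, port), fingerprint, exception)
        if exception or self.always_store_names:
            entry.host, entry.port = host, port
        self.entries[entry.id] = entry
        return entry

    def changed(self, host, port, fingerprint):
        # A hash lookup is enough to notice a known server presenting a new certificate.
        entry = self.entries.get(endpoint_id(host, port))
        return entry is not None and entry.fingerprint != fingerprint

    def reviewable_exceptions(self):
        return sorted((e.host, e.port) for e in self.entries.values() if e.exception)

    def revoke(self, host, port):
        entry = self.entries.get(endpoint_id(host, port))
        if entry is None or not entry.exception:
            return False
        del self.entries[entry.id]
        return True

if __name__ == "__main__":
    store = SettingsStore()
    # Constructed sample data, not taken from the thread.
    store.record("mail.example.org", 587, "fp-1")
    store.record("intranet.example.org", 443, "fp-2", exception=True)
    print(store.reviewable_exceptions())
    print(store.revoke("intranet.example.org", 443), store.reviewable_exceptions())
```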