[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The netsec thread
|
From: |
Jimmy Yuen Ho Wong |
|
Subject: |
Re: The netsec thread |
|
Date: |
Fri, 20 Jul 2018 13:55:01 +0100 |
Woooo I like this bikeshedding :) Thanks in advance for checking out
the netsec branch. Just a heads up tho, I plan to push my OCSP stuff
this weekend, let me know if you prefer me doing it before or after
your review.
Abobut the issued to and issued by, there are a couple of reasons I
just dumped out the the whole DN, mainly because of DV, OV and EV
certs put different and sometime irrelevent things in the RDNs. But
obvious, current iteration isn't ideal either. Perhaps I should sort
the RDNs, and always outpunt CN=...O=...OU=.... in that order, and
properly wrap them.
As to session info, I can probably merge the TLS extensions into a single line.
On Fri, Jul 20, 2018 at 12:33 PM, Lars Ingebrigtsen <address@hidden> wrote:
> I still haven't looked at the code for the netsec branch, but I've got
> that scheduled for Sunday. *crosses fingers*
>
> But that doesn't mean that we can't bikeshed some UI stuff in the
> meantime. :-)
>
> Here's the current NSM info buffer:
>
>
>
> And here's Jimmy's new one:
>
>
>
> I like the underlining, indentation and *bullet points, but it's looking
> like it's moving more in the direction of a TLS debugging buffer than
> something that a user has much chance of understanding or navigating.
> (The old one also has that problem, but to a lesser degree.)
>
> For instance, displaying the full x.50x/RFC4514 string is a turn-off and
> looks like line noise to most people, I think. Breaking out the three
> bits that are of interest, the CN from the issuer, the O from the
> recipient, and the host name, is more readable. (Not to mention that
> the strings are usually too long and will wrap on common
> configurations.)
>
> And in the opposite direction, breaking out all the encryption stuff
> into their own lines doesn't make much sense, I think. The session
> details could be reserved for the `d'etails buffer. "Encrypt-then-MAC"
> sounds so... internal. :-)
>
> The explanation line ("... is insecure ...") hasn't been folded
> correctly, and it says "reasons" even if there's just one reason.
>
> The addition of the details is great:
>
>
>
> The keystrokes should be more standard, though: SPC for forward and DEL
> for back (perhaps in addition to the one you've got). And I was unsure
> what "quit" would do -- quit the entire connection or just the details
> buffer?
>
> --
> (domestic pets only, the antidote for overdose, milk.)
> bloggy blog: http://lars.ingebrigtsen.no
>
>
- Re: The netsec thread, (continued)
- Re: The netsec thread, Lars Ingebrigtsen, 2018/07/23
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/23
- Re: The netsec thread, Lars Ingebrigtsen, 2018/07/23
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/23
- Re: The netsec thread, Noam Postavsky, 2018/07/23
- Re: The netsec thread, Lars Ingebrigtsen, 2018/07/23
- Re: The netsec thread, Andreas Schwab, 2018/07/23
Re: The netsec thread,
Jimmy Yuen Ho Wong <=