Re: The netsec thread

[Jimmy Yuen Ho Wong]

OMG my typing skills...

On Fri, Jul 20, 2018 at 1:55 PM, Jimmy Yuen Ho Wong <address@hidden> wrote:
> Woooo I like this bikeshedding :) Thanks in advance for checking out
> the netsec branch. Just a heads up tho, I plan to push my OCSP stuff
> this weekend, let me know if you prefer me doing it before or after
> your review.
>
> Abobut the issued to and issued by, there are a couple of reasons I
> just dumped out the the whole DN, mainly because of DV, OV and EV
> certs put different and sometime irrelevent things in the RDNs. But
> obvious, current iteration isn't ideal either. Perhaps I should sort
> the RDNs, and always outpunt CN=...O=...OU=.... in that order, and
> properly wrap them.
>
> As to session info, I can probably merge the TLS extensions into a single 
> line.
>
>
> On Fri, Jul 20, 2018 at 12:33 PM, Lars Ingebrigtsen <address@hidden> wrote:
>> I still haven't looked at the code for the netsec branch, but I've got
>> that scheduled for Sunday.  *crosses fingers*
>>
>> But that doesn't mean that we can't bikeshed some UI stuff in the
>> meantime.  :-)
>>
>> Here's the current NSM info buffer:
>>
>>
>>
>> And here's Jimmy's new one:
>>
>>
>>
>> I like the underlining, indentation and *bullet points, but it's looking
>> like it's moving more in the direction of a TLS debugging buffer than
>> something that a user has much chance of understanding or navigating.
>> (The old one also has that problem, but to a lesser degree.)
>>
>> For instance, displaying the full x.50x/RFC4514 string is a turn-off and
>> looks like line noise to most people, I think.  Breaking out the three
>> bits that are of interest, the CN from the issuer, the O from the
>> recipient, and the host name, is more readable.  (Not to mention that
>> the strings are usually too long and will wrap on common
>> configurations.)
>>
>> And in the opposite direction, breaking out all the encryption stuff
>> into their own lines doesn't make much sense, I think.  The session
>> details could be reserved for the `d'etails buffer.  "Encrypt-then-MAC"
>> sounds so...  internal.  :-)
>>
>> The explanation line ("... is insecure ...") hasn't been folded
>> correctly, and it says "reasons" even if there's just one reason.
>>
>> The addition of the details is great:
>>
>>
>>
>> The keystrokes should be more standard, though: SPC for forward and DEL
>> for back (perhaps in addition to the one you've got).  And I was unsure
>> what "quit" would do -- quit the entire connection or just the details
>> buffer?
>>
>> --
>> (domestic pets only, the antidote for overdose, milk.)
>>    bloggy blog: http://lars.ingebrigtsen.no
>>
>>