Re: The netsec thread
From: Jimmy Yuen Ho Wong
Subject: Re: The netsec thread
Date: Fri, 20 Jul 2018 13:59:12 +0100
OMG my typing skills...
On Fri, Jul 20, 2018 at 1:55 PM, Jimmy Yuen Ho Wong <address@hidden> wrote:
> Woooo I like this bikeshedding :) Thanks in advance for checking out
> the netsec branch. Just a heads up tho, I plan to push my OCSP stuff
> this weekend, let me know if you prefer me doing it before or after
> your review.
>
> About the issued to and issued by, there are a couple of reasons I
> just dumped out the whole DN, mainly because DV, OV and EV
> certs put different and sometimes irrelevant things in the RDNs. But
> obviously, the current iteration isn't ideal either. Perhaps I should sort
> the RDNs, and always output CN=...O=...OU=.... in that order, and
> properly wrap them.
>
> As to session info, I can probably merge the TLS extensions into a single
> line.
>
>
> On Fri, Jul 20, 2018 at 12:33 PM, Lars Ingebrigtsen <address@hidden> wrote:
>> I still haven't looked at the code for the netsec branch, but I've got
>> that scheduled for Sunday. *crosses fingers*
>>
>> But that doesn't mean that we can't bikeshed some UI stuff in the
>> meantime. :-)
>>
>> Here's the current NSM info buffer:
>>
>>
>>
>> And here's Jimmy's new one:
>>
>>
>>
>> I like the underlining, indentation and *bullet points, but it's looking
>> like it's moving more in the direction of a TLS debugging buffer than
>> something that a user has much chance of understanding or navigating.
>> (The old one also has that problem, but to a lesser degree.)
>>
>> For instance, displaying the full x.50x/RFC4514 string is a turn-off and
>> looks like line noise to most people, I think. Breaking out the three
>> bits that are of interest, the CN from the issuer, the O from the
>> recipient, and the host name, is more readable. (Not to mention that
>> the strings are usually too long and will wrap on common
>> configurations.)
>>
>> And in the opposite direction, breaking out all the encryption stuff
>> into their own lines doesn't make much sense, I think. The session
>> details could be reserved for the `d'etails buffer. "Encrypt-then-MAC"
>> sounds so... internal. :-)
>>
>> The explanation line ("... is insecure ...") hasn't been folded
>> correctly, and it says "reasons" even if there's just one reason.
>>
>> The addition of the details is great:
>>
>>
>>
>> The keystrokes should be more standard, though: SPC for forward and DEL
>> for back (perhaps in addition to the one you've got). And I was unsure
>> what "quit" would do -- quit the entire connection or just the details
>> buffer?
>>
>> --
>> (domestic pets only, the antidote for overdose, milk.)
>> bloggy blog: http://lars.ingebrigtsen.no
>>
>>
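
The RDN ordering proposed in the message above (always CN, then O, then OU, wrapped), sketched in Python as an added example; it is not code from the netsec branch or from Emacs. The function names, the sample DN and the 60-column default are assumptions, and the parser goes slightly beyond the thread by handling RFC 4514 backslash escapes and multi-valued RDNs so that a comma inside an O value does not split the field.

```python
import re
import textwrap

DISPLAY_ORDER = ("CN", "O", "OU")  # order proposed in the thread

def split_unescaped(s, sep):
    """Split s at sep, ignoring separators escaped with a backslash."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), s)

def unescape(value):
    """Undo RFC 4514 escapes: \\XX hex pairs (UTF-8 bytes) and \\<char>."""
    out = bytearray()
    for hexpair, char, plain in re.findall(r"\\([0-9A-Fa-f]{2})|\\(.)|([^\\]+)", value):
        out += bytes.fromhex(hexpair) if hexpair else (char or plain).encode("utf-8")
    return out.decode("utf-8", errors="replace")

def parse_dn(dn):
    """Return (TYPE, value) pairs; multi-valued RDNs (a+b) are flattened."""
    pairs = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            if "=" in ava:  # skip malformed components
                attr, value = ava.split("=", 1)
                pairs.append((attr.strip().upper(), unescape(value)))
    return pairs

def summarize(dn, width=60):
    """Display lines: CN, O, OU in that order, each wrapped to width."""
    rank = {t: n for n, t in enumerate(DISPLAY_ORDER)}
    shown = sorted((p for p in parse_dn(dn) if p[0] in rank), key=lambda p: rank[p[0]])
    return [line for t, v in shown
            for line in textwrap.wrap(f"{t}={v}", width, subsequent_indent="   ")]

# Constructed sample DN (not from the thread); note the escaped commas.
SAMPLE = r"C=US,O=Example\, Inc.,OU=Web+OU=TLS\2C ops,CN=www.example.org"

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Attribute types given as dotted OIDs and `#`-prefixed hex-encoded values are not mapped here; they simply fall outside the three displayed fields.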