Re: Network security manager

From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 22:06:01 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)

Toke Høiland-Jørgensen <address@hidden> writes:

> Tangentially related, one thing I would like to be able to have, is to
> have multiple fingerprints stored for the same host,port tuple *at the
> same time*. I run into this problem with servers that do round-robin to
> different servers with different certs for the same hostname. I'd like
> to be able to store all of them at once (by, for instance, connecting a
> bunch of times and trusting the certificates one by one, and then know
> that after that a mismatch should be considered suspicious).

That should be easy to implement -- we can just allow the :fingerprint
slot to be a list and check against that.

But what would the user interface say?  Today it says

The fingerprint for the connection to %s:%s has changed from\n%s to\n%s
Connect anyway?  (no, session only, always)

So...  erm...  

Connect anyway?  (no, session only, always, add new fingerprint)

No, that's two "a"'s...

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
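
A sketch of the list-valued :fingerprint check discussed in the message above, added here as an example; it is not code from Emacs or from anyone in the thread. The `fp-demo-` names, the `:host` key and the sample fingerprints are constructed assumptions.

```elisp
;;; -*- lexical-binding: t -*-
;; All `fp-demo-' names are hypothetical, not functions from Emacs itself.
(require 'cl-lib)

(defvar fp-demo-known-hosts nil
  "Constructed in-memory store: a list of plists with :host and :fingerprint.")

(defun fp-demo--id (host port)
  (format "%s:%s" host port))

(defun fp-demo--entry (host port)
  (cl-find (fp-demo--id host port) fp-demo-known-hosts
           :key (lambda (e) (plist-get e :host))
           :test #'string=))

(defun fp-demo--fingerprints (entry)
  "Return ENTRY's :fingerprint slot as a list; an old entry may hold a string."
  (let ((fp (plist-get entry :fingerprint)))
    (if (listp fp) fp (list fp))))

(defun fp-demo-check (host port fingerprint)
  "Return `unknown', `match' or `changed' for FINGERPRINT at HOST:PORT."
  (let ((entry (fp-demo--entry host port)))
    (cond ((null entry) 'unknown)
          ((member fingerprint (fp-demo--fingerprints entry)) 'match)
          (t 'changed))))

(defun fp-demo-add (host port fingerprint)
  "Trust FINGERPRINT for HOST:PORT in addition to those already stored."
  (let* ((entry (fp-demo--entry host port))
         (fps (and entry (fp-demo--fingerprints entry))))
    (unless (member fingerprint fps)
      (setq fp-demo-known-hosts
            (cons (list :host (fp-demo--id host port)
                        :fingerprint (append fps (list fingerprint)))
                  (remq entry fp-demo-known-hosts))))))

;; Constructed sample: one old-style entry whose slot is a single string.
(setq fp-demo-known-hosts
      (list (list :host "mail.example.org:993" :fingerprint "sha1:aa:aa")))
(cl-assert (eq (fp-demo-check "mail.example.org" 993 "sha1:bb:bb") 'changed))
;; The user accepts the second round-robin certificate as an addition.
(fp-demo-add "mail.example.org" 993 "sha1:bb:bb")
(cl-assert (eq (fp-demo-check "mail.example.org" 993 "sha1:aa:aa") 'match))
(cl-assert (eq (fp-demo-check "mail.example.org" 993 "sha1:bb:bb") 'match))
;; A certificate outside the trusted set is still flagged.
(cl-assert (eq (fp-demo-check "mail.example.org" 993 "sha1:cc:cc") 'changed))
(cl-assert (eq (fp-demo-check "other.example.org" 993 "sha1:aa:aa") 'unknown))
```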
