Re: Network security manager

From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 09:55:00 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Toke Høiland-Jørgensen <address@hidden> writes:

> Once the fingerprint is stored, though, it fails in weird ways. I tried
> manually modifying the fingerprint in the network-security.data file (to
> make verification fail). This elicits this behaviour:
> - On security levels high and paranoid, verification just fails silently
>   (open-network-stream returns nil), with no option to update the stored
>   fingerprint.
> - On security levels low and medium, verification *succeeds*, even
>   though a fingerprint is stored that does not match the certificate.

Sounds like a bug.  I'll have a look at it tonight.

> Finally, GnuTLS has the ability to generate ASCII art of the certificate
> public key, like this:
>       Public key's random art:
>               +--[ RSA 4096]----+
>               |           ..o  .|
>               |            ooo.o|
>               |            .o..o|
>               |       .    o + .|
>               |      . S    = E |
>               |     o . o  .    |
>               |      = o .  o   |
>               |       B .. .... |
>               |     .+ oo..o++  |
>               +-----------------+

Unfortunately, this seems to have been introduced in a later version of
the library than what I have on my development machine, so I haven't
been able to test.

> Supposedly, this should make it possible to verify a certificate at a
> glance (relying on human visual memory being superior to our ability to
> recognise long strings of alphanumericals). Might be worthwhile to
> include this in (some of) the popups? Can't really figure out if I think
> it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
> uses it... The function is gnutls_random_art().

Yeah, I don't know either whether it's useful.  Does anybody else have
an opinion?  Anybody ever found the "random art" handy?

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
