[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network security manager
From: |
Lars Magne Ingebrigtsen |
Subject: |
Re: Network security manager |
Date: |
Wed, 19 Nov 2014 09:55:00 +0100 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) |
Toke Høiland-Jørgensen <address@hidden> writes:
> Once the fingerprint is stored, though, it fails in weird ways. I tried
> manually modifying the fingerprint in the network-security.data file (to
> make verification fail). This elicits this behaviour:
>
> - On security levels high and paranoid, verification just fails silently
> (open-network-stream returns nil), with no option to update the stored
> fingerprint.
>
> - On security levels low and medium, verification *succeeds*, even
> though a fingerprint is stored that does not match the certificate.
Sounds like a bug. >"? I'll have a look at it tonight.
> Finally, GnuTLS has the ability to generate ASCII art of the certificate
> public key, like this:
>
> Public key's random art:
> +--[ RSA 4096]----+
> | ..o .|
> | ooo.o|
> | .o..o|
> | . o + .|
> | . S = E |
> | o . o . |
> | = o . o |
> | B .. .... |
> | .+ oo..o++ |
> +-----------------+
Unfortunately, this seems to have been introduced in a later version of
the library than what I have on my development machine, so I haven't
been able to test.
> Supposedly, this should make it possible to verify a certificate at a
> glance (relying on human visual memory being superior to our ability to
> recognise long strings of alphanumericals). Might be worthwhile to
> include this in (some of) the popups? Can't really figure out if I think
> it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
> uses it... The function is gnutls_random_art().
Yeah, I don't know either whether it's useful. Does anybody else have
an opinion? Anybody ever found the "random art" handy?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- Re: Network security manager, (continued)
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/19
- Re: Network security manager,
Lars Magne Ingebrigtsen <=
- Re: Network security manager, Garreau\, Alexandre, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Garreau\, Alexandre, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Garreau\, Alexandre, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23