
List:       kde-devel
Subject:    Re: ssl auth failure gui: does "continue" do what I think it does?
From:       Nicholas Tung <gatoatigrado () gmail ! com>
Date:       2009-06-05 23:49:28
Message-ID: fa81b0d10906051649j4e48aa78rcc7f0af556de37ac () mail ! gmail ! com


Jeff - I hope you got my apology, I certainly didn't mean to start a
flamewar or disrespect you with some poorly thought out parenthetical
comment.

On Fri, Jun 5, 2009 at 15:36, Jeff Mitchell <mitchell@kde.org> wrote:
>
> > How
> > many /new/ unconfirmed sites do you come across for the four clicks to
> > be an annoyance?
>
> Plenty.  Enough for me to find it annoying, obviously.  It doesn't help
> that the clicks are hyperlinks so you can't alt+key them like you used
> to be.


Fair enough.


> > And, if you consider "ssh" to be a "savvy user thing", then what do you
> > say about the "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"
> > when the same situation occurs (i.e. the public key changes)?
>
> I don't follow.  SSH works the same exact way.  When you connect
> somewhere you don't know, it asks you to confirm this, then it stores
> that confirmation.  This is like the Firefox behavior (except the
> Firefox behavior requires four confirmations).  If a key changes, it
> gives you a warning...just like Firefox if the cert changes from one
> "invalid" cert to another.


Right, and one has to either edit the ssh command, or edit
~/.ssh/known_hosts, which is more complicated than saying "continue" (afaik
it simply spits this message out and quits). I guess KDE probably isn't
storing previous RSA keys, so it doesn't know that gmail.com used to have a
signed certificate, and now doesn't. This additional information might
justify whether it wants to make the dialog a one-click "accept key" or more
of a warning.

> > and something like
> > "confirm security exception", or "accept permanently", "accept
> > temporarily", or "reject" (as with SSH) would be /much/ more
> > appropriate.
>
> Totally agreed.


Cool. Without reading the dialog carefully, imho "continue" seems too much
like "continue execution" (versus exiting the application).

On Fri, Jun 5, 2009 at 15:57, Michael Pyne <mpyne@purinchu.net> wrote:

> On Friday 05 June 2009 18:36:50 Jeff Mitchell wrote:
> > Nicholas Tung wrote:
> > > Exactly, you get encryption without authentication, which is useless for
> > > security unless you've accepted it before via a secure connection to the
> > > machine. In which case, see comment below...
> >
> > No, it's useless for authentication.  It's entirely useful for
> > encryption, if that is all that you require for your security needs.
>
> In all fairness, typically encryption is used to prevent people from snooping
> in on the conversation between you and the destination.


This is true, I suppose I hadn't thought out the situation very fully.
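
Added example, not part of the original message and not KDE's code: a sketch of the idea discussed in this thread, where a client remembers what it last saw for each host (as SSH does with ~/.ssh/known_hosts) and uses that history to choose between a simple first-use prompt and a louder warning. The class names, verdict strings, host names and certificate bytes are all hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Seen:
    fingerprint: str   # SHA-256 of the certificate bytes last remembered
    ca_valid: bool     # whether that certificate chained to a trusted CA

@dataclass
class TrustStore:
    hosts: dict = field(default_factory=dict)   # hostname -> Seen

    def classify(self, host, cert_bytes, ca_valid):
        """Pick the dialog severity from the current cert plus stored history."""
        fp = hashlib.sha256(cert_bytes).hexdigest()
        prev = self.hosts.get(host)
        if ca_valid:
            return "ok", fp                  # normal validation, no dialog
        if prev is None:
            return "first_use_prompt", fp    # accept permanently / temporarily / reject
        if prev.ca_valid:
            return "downgrade_warning", fp   # host used to present a signed cert
        if prev.fingerprint != fp:
            return "changed_warning", fp     # stored exception no longer matches
        return "ok", fp                      # same cert the user already accepted

    def remember(self, host, fp, ca_valid):
        """Called on successful validation or on 'accept permanently'."""
        self.hosts[host] = Seen(fp, ca_valid)

def demo():
    # Constructed stand-ins for certificate bytes; not real certificates.
    signed, self1, self2 = b"ca-signed-cert", b"self-signed-1", b"self-signed-2"
    store, out = TrustStore(), []
    v, fp = store.classify("mail.example", signed, True)
    store.remember("mail.example", fp, True)
    out.append(v)
    out.append(store.classify("mail.example", self1, False)[0])
    v, fp = store.classify("wiki.example", self1, False)
    store.remember("wiki.example", fp, False)   # user chose "accept permanently"
    out.append(v)
    out.append(store.classify("wiki.example", self1, False)[0])
    out.append(store.classify("wiki.example", self2, False)[0])
    return out

if __name__ == "__main__":
    print(demo())
```

"Accept temporarily" corresponds to proceeding without calling `remember`, so the next connection to that host is classified as a first use again.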
