[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Nicholas Tung <gatoatigrado () gmail ! com>
Date: 2009-06-05 23:49:28
Message-ID: fa81b0d10906051649j4e48aa78rcc7f0af556de37ac () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Jeff - I hope you got my apology, I certainly didn't mean to start a
flamewar or disrespect you with some poorly thought out parenthetical
comment.
On Fri, Jun 5, 2009 at 15:36, Jeff Mitchell <mitchell@kde.org> wrote:
>
> > How
> > many /new/ unconfirmed sites do you come across for the four clicks to
> > be an annoyance?
>
> Plenty. Enough for me to find it annoying, obviously. It doesn't help
> that the clicks are hyperlinks so you can't alt+key them like you used
> to be.
Fair enough.
> > And, if you consider "ssh" to be a "savvy user thing", then what do you
> > say about the "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"
> > when the same situation occurs (i.e. the public key changes)?
>
> I don't follow. SSH works the same exact way. When you connect
> somewhere you don't know, it asks you to confirm this, then it stores
> that confirmation. This is like the Firefox behavior (except the
> Firefox behavior requires four confirmations). If a key changes, it
> gives you a warning...just like Firefox if the cert changes from one
> "invalid" cert to another.
Right, and one has to either edit the ssh command, or edit
~/.ssh/known_hosts, which is more complicated than saying "continue" (afaik
it simply spits this message out and quits). I guess KDE probably isn't
storing previous RSA keys, so it doesn't know that gmail.com used to have a
signed certificate, and now doesn't. This additional information might
justify whether it wants to make the dialog a one-click "accept key" or more
of a warning.
> and something like
> > "confirm security exception", or "accept permanently", "accept
> > temporarily", or "reject" (as with SSH) would be /much/ more
> > appropriate.
>
> Totally agreed.
Cool. Without reading the dialog carefully, imho "continue" seems too much
like "continue execution" (versus exiting the application).
On Fri, Jun 5, 2009 at 15:57, Michael Pyne <mpyne@purinchu.net> wrote:
> On Friday 05 June 2009 18:36:50 Jeff Mitchell wrote:
> > Nicholas Tung wrote:
> > > Exactly, you get encryption without authentication, which is useless
> for
> > > security unless you've accepted it before via a secure connection to
> the
> > > machine. In which case, see comment below...
> >
> > No, it's useless for authentication. It's entirely useful for
> > encryption, if that is all that you require for your security needs.
>
> In all fairness, typically encryption is used to prevent people from
> snooping
> in on the conversation between you and the destination.
This is true, I suppose I hadn't thought out the situation very fully.
[Attachment #5 (text/html)]
<div class="gmail_quote">Jeff - I hope you got my apology, I certainly didn't mean to start a \
flamewar or disrespect you with some poorly thought out parenthetical comment.<br><br><div \
class="gmail_quote">On Fri, Jun 5, 2009 at 15:36, Jeff Mitchell <span dir="ltr"><<a \
href="mailto:mitchell@kde.org">mitchell@kde.org</a>></span> wrote: <blockquote class="gmail_quote" \
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div \
class="im"> > How<br>
> many /new/ unconfirmed sites do you come across for the four clicks to<br>
> be an annoyance?<br>
</div><br>Plenty. Enough for me to find it annoying, obviously. It doesn't help<br>
that the clicks are hyperlinks so you can't alt+key them like you used<br>
to be.</blockquote><div><br>Fair enough.<br> </div><blockquote class="gmail_quote" style="border-left: \
1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im"> > And, \
if you consider "ssh" to be a "savvy user thing", then what do you<br> > say about \
the "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"<br> > when the same situation \
occurs (i.e. the public key changes)?<br> </div><br>I don't follow. SSH works the same exact way. \
When you connect<br> somewhere you don't know, it asks you to confirm this, then it stores<br>
that confirmation. This is like the Firefox behavior (except the<br>
Firefox behavior requires four confirmations). If a key changes, it<br>
gives you a warning...just like Firefox if the cert changes from one<br>
"invalid" cert to another.</blockquote><div><br>Right, and one has to either edit the ssh \
command, or edit ~/.ssh/known_hosts, which is more complicated than saying "continue" (afaik it \
simply spits this message out and quits). I guess KDE probably isn't storing previous RSA keys, so it \
doesn't know that <a href="http://gmail.com">gmail.com</a> used to have a signed certificate, and now \
doesn't. This additional information might justify whether it wants to make the dialog a one-click \
"accept key" or more of a warning.<br> <br></div><blockquote class="gmail_quote" \
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div \
class="im"> > and something like<br>
> "confirm security exception", or "accept permanently", "accept<br>
> temporarily", or "reject" (as with SSH) would be /much/ more<br>
> appropriate.<br>
</div><br>Totally agreed.</blockquote><div><br>Cool. Without reading the dialog carefully, imho \
"continue" seems too much like "continue execution" (versus exiting the \
application).<br></div></div><br> On Fri, Jun 5, 2009 at 15:57, Michael Pyne <span dir="ltr"><<a \
href="mailto:mpyne@purinchu.net">mpyne@purinchu.net</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; \
padding-left: 1ex;"> <div class="im">On Friday 05 June 2009 18:36:50 Jeff Mitchell wrote:<br>
> Nicholas Tung wrote:<br>
> > Exactly, you get encryption without authentication, which is useless for<br>
> > security unless you've accepted it before via a secure connection to the<br>
> > machine. In which case, see comment below...<br>
><br>
> No, it's useless for authentication. It's entirely useful for<br>
> encryption, if that is all that you require for your security needs.<br>
<br>
</div>In all fairness, typically encryption is used to prevent people from snooping<br>
in on the conversation between you and the destination.</blockquote><div><br>This is true, I suppose I \
hadn't thought out the situation very fully.<br></div></div>
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic