
List:       kde-devel
Subject:    Re: ssl auth failure gui: does "continue" do what I think it does?
From:       Nicholas Tung <gatoatigrado () gmail ! com>
Date:       2009-06-05 23:49:28
Message-ID: fa81b0d10906051649j4e48aa78rcc7f0af556de37ac () mail ! gmail ! com

Jeff - I hope you got my apology, I certainly didn't mean to start a
flamewar or disrespect you with some poorly thought out parenthetical
comment.

On Fri, Jun 5, 2009 at 15:36, Jeff Mitchell <mitchell@kde.org> wrote:
>
> > How
> > many /new/ unconfirmed sites do you come across for the four clicks to
> > be an annoyance?
>
> Plenty.  Enough for me to find it annoying, obviously.  It doesn't help
> that the clicks are hyperlinks so you can't alt+key them like you used
> to be.


Fair enough.


> > And, if you consider "ssh" to be a "savvy user thing", then what do you
> > say about the "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"
> > when the same situation occurs (i.e. the public key changes)?
>
> I don't follow.  SSH works the same exact way.  When you connect
> somewhere you don't know, it asks you to confirm this, then it stores
> that confirmation.  This is like the Firefox behavior (except the
> Firefox behavior requires four confirmations).  If a key changes, it
> gives you a warning...just like Firefox if the cert changes from one
> "invalid" cert to another.


Right, and one has to either edit the ssh command, or edit
~/.ssh/known_hosts, which is more complicated than saying "continue" (afaik
it simply spits this message out and quits). I guess KDE probably isn't
storing previous RSA keys, so it doesn't know that gmail.com used to have a
signed certificate, and now doesn't. This additional information might
justify whether it wants to make the dialog a one-click "accept key" or more
of a warning.

> and something like
> > "confirm security exception", or "accept permanently", "accept
> > temporarily", or "reject" (as with SSH) would be /much/ more
> > appropriate.
>
> Totally agreed.


Cool. Without reading the dialog carefully, imho "continue" seems too much
like "continue execution" (versus exiting the application).

On Fri, Jun 5, 2009 at 15:57, Michael Pyne <mpyne@purinchu.net> wrote:

> On Friday 05 June 2009 18:36:50 Jeff Mitchell wrote:
> > Nicholas Tung wrote:
> > > Exactly, you get encryption without authentication, which is useless
> > > for security unless you've accepted it before via a secure connection
> > > to the machine. In which case, see comment below...
> >
> > No, it's useless for authentication.  It's entirely useful for
> > encryption, if that is all that you require for your security needs.
>
> In all fairness, typically encryption is used to prevent people from
> snooping in on the conversation between you and the destination.


This is true, I suppose I hadn't thought out the situation very fully.
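
Added example, not part of the original message and not KDE code: a sketch of the per-host history discussed above, where remembering what a host presented before lets a client tell a first-time unvalidated certificate (one-click accept) from a changed key or a host that used to have a CA-signed certificate and now does not (warning). The class and verdict names, the dialog policy attached to each verdict and the sample hosts are assumptions made for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    TRUSTED = "CA-validated: no dialog"
    FIRST_USE = "unknown host, unvalidated cert: offer accept/reject"
    KNOWN = "matches the exception the user stored: no dialog"
    CHANGED = "differs from the stored exception: strong warning"
    DOWNGRADED = "host was CA-validated before, now is not: strong warning"


class TrustStore:
    """In-memory stand-in for a per-user store such as ~/.ssh/known_hosts."""

    def __init__(self):
        self._hosts = {}  # host -> (sha256 fingerprint, was CA-validated)

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, host: str, cert_der: bytes, ca_validated: bool) -> Verdict:
        fp = self.fingerprint(cert_der)
        if ca_validated:
            # Remember that this host has presented a valid chain.
            self._hosts[host] = (fp, True)
            return Verdict.TRUSTED
        previous = self._hosts.get(host)
        if previous is None:
            return Verdict.FIRST_USE
        old_fp, was_validated = previous
        if was_validated:
            return Verdict.DOWNGRADED
        return Verdict.KNOWN if old_fp == fp else Verdict.CHANGED

    def accept(self, host: str, cert_der: bytes) -> None:
        """Record the user's explicit 'accept permanently' decision."""
        self._hosts[host] = (self.fingerprint(cert_der), False)


def demo():
    # Constructed inputs: placeholder bytes stand in for DER certificates.
    store = TrustStore()
    seen = [store.check("wiki.example", b"self-signed-A", False)]
    store.accept("wiki.example", b"self-signed-A")
    seen.append(store.check("wiki.example", b"self-signed-A", False))
    seen.append(store.check("wiki.example", b"self-signed-B", False))
    seen.append(store.check("mail.example", b"ca-issued", True))
    seen.append(store.check("mail.example", b"self-signed-C", False))
    return seen
```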
