[Psi-devel] Some login/sasl questions for 0.11
Matthias Wimmer
m at tthias.eu
Sun Feb 4 16:41:57 PST 2007
Hi Remko!
Matthias Wimmer wrote:
> ... I'll later check again if the lock icon is still locked for only
> integrity-protected connections.
>
I've just rechecked. Test environment:
psi-dev-snapshot-2007-02-04 using Cyrus SASL, OS: Linux
Established connection to my server using no TLS (disabled at the
server) and DIGEST-MD5 in auth-int mode (disabled auth-conf by setting
max_ssf to 1 at the server).
Result:
Lock is shown as closed, so that a user might expect that the
connection is encrypted and cannot be read by someone having access to
the network.
I think as a first solution the lock should be shown as open in case
the connection is only integrity protected (i.e. Cyrus returns a
security strength factor of "1"). But for the long term it might be good
to have a third symbol indicating a connection is integrity protected
but not encrypted.
Matthias
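
The rule proposed in this message, as an added example that is not part of the original mail or of Psi's code: the lock state is derived from the TLS state and the SASL security strength factor, which Cyrus SASL exposes through `sasl_getprop()` with `SASL_SSF`. The struct, enum and function names are hypothetical, and the SSF is passed in directly so the example runs without libsasl2.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical indicator states; LOCK_INTEGRITY_ONLY is the "third symbol"
 * suggested for the long term. */
typedef enum { LOCK_OPEN, LOCK_INTEGRITY_ONLY, LOCK_CLOSED } lock_state;

/* Hypothetical summary of what was negotiated on one connection. */
typedef struct {
    bool     tls_active;       /* TLS layer established */
    unsigned tls_cipher_bits;  /* 0 if TLS is off or uses a NULL cipher */
    unsigned sasl_ssf;         /* Cyrus SASL SSF: 0 = no security layer,
                                  1 = integrity only, >1 = encryption */
} conn_security;

/* Close the lock only when some layer actually encrypts. An SSF of exactly 1
 * (DIGEST-MD5 auth-int) protects integrity but leaves the stream readable. */
lock_state lock_for(const conn_security *c, bool have_third_symbol)
{
    bool encrypted = (c->tls_active && c->tls_cipher_bits > 0) || c->sasl_ssf > 1;
    bool integrity = c->tls_active || c->sasl_ssf >= 1;

    if (encrypted)
        return LOCK_CLOSED;
    if (integrity && have_third_symbol)
        return LOCK_INTEGRITY_ONLY;
    return LOCK_OPEN;  /* first solution: integrity-only is shown as open */
}

int main(void)
{
    static const char *names[] = { "open", "integrity-only", "closed" };
    /* Constructed cases; the first is the test setup from the mail. */
    conn_security cases[] = {
        { false, 0,   1 },    /* no TLS, DIGEST-MD5 auth-int */
        { false, 0,   128 },  /* no TLS, SASL layer with encryption */
        { true,  256, 0 },    /* TLS with a real cipher, no SASL layer */
        { false, 0,   0 },    /* nothing negotiated */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("tls=%d bits=%u ssf=%u -> %s / %s\n",
               cases[i].tls_active, cases[i].tls_cipher_bits, cases[i].sasl_ssf,
               names[lock_for(&cases[i], false)],
               names[lock_for(&cases[i], true)]);
    return 0;
}
```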