[Psi-devel] auth-int encryption status patch
textshell-I1QKlO at neutronstar.dyndns.org
Sun Feb 4 17:18:48 PST 2007
On Mon, Feb 05, 2007 at 01:41:57AM +0100, Matthias Wimmer wrote:
> Hi Remko!
>
> Matthias Wimmer wrote:
> > ... I'll later check again if the lock icon is still locked for only
> > integrity-protected connections.
> >
>
> I've just rechecked. Test environment:
>
> psi-dev-snapshot-2007-02-04 using Cyrus SASL, OS: Linux
>
> Established connection to my server using no TLS (disabled at the
> server) and DIGEST-MD5 in auth-int mode (disabled auth-conf by setting
> max_ssf to 1 at the server).
>
> Result:
>
> Lock is shown as closed, so that a user might expect that the
> connection is encrypted and cannot be read by someone having access to
> the network.
>
> I think as a first solution the lock should be shown as open in case
> the connection is only integrity protected (i.e. Cyrus returns a
> security strength factor of "1"). But for the long term it might be good
> to have a third symbol indicating a connection is integrity protected
> but not encrypted.
>
>
Thanks for checking this. I implemented a patch that should implement
the first solution. It's only compile tested but pretty trivial.
- Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-sasl-int1.diff
Type: text/x-diff
Size: 1680 bytes
Desc: not available
Url : http://lists.affinix.com/pipermail/psi-devel-affinix.com/attachments/20070205/1b1f60b3/attachment.bin