[strongSwan-dev] nm applet 1.4.5, pre-shared key
Noel Kuntze
noel.kuntze+strongswan-dev-ml at thermi.consulting
Fri Aug 30 10:20:14 CEST 2019
Manual resend to all participants due to wrong sender address of original email.
Hi,
Check PR #145[1] on GH.
Kind regards
Noel
[1] https://github.com/strongswan/strongswan/pull/145
Am 30.08.19 um 10:07 schrieb Tobias Brunner:
> Hi Harald,
>
>> Do you think it would be possible to dynamically change the input
>> form, depending upon whether its x509, PSK, smartcard or eap? The
>> current static design is the confusing part.
> I guess so. If somebody wants to do it, patches are welcome.
>
>> I am not asking you to lower it. But the admin managing the PSKs
>> on his high-end VPN gateway on the peer doesn't know about this
>> restriction in strongswan. How would you like to address this?
> That strong secrets are enforced is already mentioned on the NM wiki
> page [1]. I guess we could add the actual minimum length. Or what did
> you have in mind?
>
>> Surely I understand that PSKs should be avoided in favor of server
>> certificate and EAP, but its hard for me to close a valid Debian bug
>> report about n-m-s, telling the user to drop PSKs and to try EAP
>> instead. Maybe it would help to officially set the PSK feature in
>> n-m-s to "deprecated"?
> I've no problem with that. Something like adding "(deprecated)" to the
> "Pre-shared key" entry of the authentication method drop-down field?
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
--
Noel Kuntze
IT security consultant
GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20190830/b844ec37/attachment.sig>
More information about the Dev
mailing list