Re: Network security manager

[Lars Magne Ingebrigtsen]

Ted Zlatanov <address@hidden> writes:

> LMI> GPG isn't feasible because nobody wants to type passwords.
>
> Whuhh?

Yeah?

> Yes, it's a bother.  We're talking about potentially dozens or hundreds
> of exceptions in a large enterprise.  But let's assume the `a' key is
> large and easy to hit.
>
> Scenario 1: you allow a compromised server accidentally.  You now can't
> review the exception list to remove that compromise.
>
> Scenario 2: someone allows a compromised server on purpose in a few
> seconds.  You have no idea it happened.
>
> I'm sure there are other scenarios, but please don't make this a
> write-only data store.

Well, we could have a setting that says that the NSM should re-query
security exceptions...

On the other hand, we could store the server names in plain text when we
store security exceptions to make reviews easier.  That is, keep the
hash-only thing for STARTTLS man-in-the-middle tracking and the like,
but if the user registers an exception, then we'd stash the server name
in there, too.

This would avoid leaving a complete list of STARTTLS servers in that
file, but still allow easy removal of specific exceptions.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no