On Wed, 30 Apr 2014, Dan Williams wrote:
Untrusted networks use WPA too, like coffee shops that don't leave the network open, but write the WPA key on the chalkboard menu or print it on standup cards at the tables. I've seen quite a few of these.
You are at least consciously logging into that network - it is not that your device accidentally roamed on to it.
There's really no guessing what's trusted/not-trusted unless you're using 802.1x/WPA Enterprise, or if the user has told you explicitly to trust this network.
I'm fine with marking anything untrusted unless otherwise signaled by the user via the NM GUI. But others raised objections that it would break too much. I argued changing the search list already breaks my laptop security. The problem is people have linked up the DHCP domain option with the resolv.conf domain/search keywords to make "internal only" names visible. Between usability and security, where do we put the dial?

Paul