On Tue, 2016-01-26 at 11:51 +, David Woodhouse wrote:
> It does even make a little bit of sense, if the most sensitive item
> on the computer in question *is* the VPN certificate
That would certainly be the case for my VPN setup... it's just there so
I can access the work network from my perso
On Tue, 2016-01-26 at 10:01 +0100, Matthias Berndt wrote:
>
>
> > OTOH if she is keeping her cert deliberately secure on an encrypted USB
> > storage device, and it gets copied to the unencrypted hard drive, she
> > might not be able to connect tomorrow because she's been *fired* for
> > this bre
>OTOH if she is keeping her cert deliberately secure on an encrypted USB
>storage device, and it gets copied to the unencrypted hard drive, she
>might not be able to connect tomorrow because she's been *fired* for
>this breach of security policy.
What kind of security policy requires you to encr
On Sun, 2016-01-24 at 23:02 +0100, Matthias Berndt wrote:
>
> Oh, and there's another thing: afaics, if you don't use inline blobs
> but files for the certificate/key/ca, nm-openvpn will not copy them
> somewhere safe (~/.cert, say) – bad idea. Jane User will plug in her
> USB stick, import her Op
On Sun, 2016-01-24 at 23:02 +0100, Matthias Berndt wrote:
> Hi,
>
> I've been thinking about the code that I recently modified. The
> handle_blob_item function checks if the blob markers (BEGIN
> CERTIFICATE etc.) are present and returns false without consuming
> any lines if they're missi
Hi,
I've been thinking about the code that I recently modified. The
handle_blob_item function checks if the blob markers (BEGIN CERTIFICATE
etc.) are present and returns false without consuming any lines if they're
missing. I fail to see the point, why not just copy everything between t
