On Sat, 20 Jul 2019 at 20:54, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
>
> Stefan Sperling wrote on Sat, 20 Jul 2019 09:51 +00:00:
> > But as a user I find it infuriating when software I use contains
> > artificial restrictions like this. We should assume our users know
> > what they are doing. Subversion is not a web browser.
>
> I'm not entirely sure I'm convinced by this logic.  Let's take OpenSSH for 
> example:
>
> [[[
> % ed .ssh/known_hosts
> g/^hermes/d
> s/^[^ ]*/hermes.apache.org/
> w
> q
> % ssh hermes.apache.org
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:gJUlDrKOTnUQ/lAx6eM4Ylq6z/5ere2tJoLEgrfM++A.
> Please contact your system administrator.
> Add correct host key in /home/daniel/.ssh/known_hosts to get rid of this 
> message.
> Offending ECDSA key in /home/daniel/.ssh/known_hosts:26
>   remove with:
>   ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R hermes.apache.org
> ECDSA host key for hermes.apache.org has changed and you have requested 
> strict checking.
> Host key verification failed.
> zsh: exit 255   ssh hermes.apache.org
> ]]]
>
> The error message does not give a way to continue the operation, but it
> does tell you what command to run if you would like to proceed anyway.
> This way, the buck stops with the user, but the program makes it quite
> clear that this is an abnormal situation and caution should be
> exercised.
>
> Should we do something similar (but without the all-caps)?  That's why
> I proposed writing a command that takes a certificate on stdin and marks
> it as trusted.
>
> Daniel

From a user perspective, I would also appreciate being able to take
responsibility for accepting unsafe operations. Having the choice to
permanently accept the certificate, and then getting a special warning
message to confirm I really know what I am doing, because there are unknown
errors reported, would definitely help to place the responsibility on
the users while letting them choose to take (or not) said responsibility.

Best Regards,
Pierre.
