Hey Tom,
On Thu, 2014-02-06 at 09:15 -0500, Tom Rymes wrote:
On 02/06/2014 8:52 AM, Michael Tremer wrote: This isn't documentation-related, but is relevant tot he subject you brought up. Perhaps it would be worthwhile to change the user interface to add an element that requires a user to "Enable insecure encryption methods" before using protocols that are considered weak?
We have already plans to do this in a slightly different way. In the dropdown menus, the algorithms are usually sorted from strong to weak. For those we consider so weak that they should not be used, we planned to add a "(not recommended)" after the name of the algorithm.
That way a user could still use those methods if required for interoperability, but it would be clear that it is not recommended for security reasons.
Interoperability is the thing that gives us a real headache here. If I could I would just remove everything that is proven to be broken.
However, there are algorithms that are not proven to be broken but there are conspiracies that the authorities that specified them may have weakened the algorithm deliberately or added a backdoor. If we take this into account, it is getting even harder to find a good default.
I think your point is to change the user interface that you won't pick the weakest cipher randomly and that you don't need to read the documentation to make a better choice. I totally agree with that.
That is also the reason why I want to keep it all short and sweet, because I don't expect too many people reading this prior to setup of the VPNs, but I think that the information must be there.
-Michael