On 8/27/19 9:10 AM, Robert Marcano wrote:
On 8/27/19 8:57 AM, Björn Persson wrote:
> Robert Marcano wrote:
>> Maybe, now that NetworkManager implements now its own DHCP client, if
>> the IP received is not an private address (RFC 1918 for IPv4, some other
>> consideration should be done for IPv6), Notify the user the connection
>> is in a secure mode with an option to disable the secure, temporarily or
>> permanently
>
> First, an RFC 1918 address indicates that you're probably behind an
> address translator. It does not prove that other computers on the local
> network are friendly. You might be on a public hotspot surrounded by
> potentially hostile strangers.
And this is worse than what we currently have where everything is
considered friendly? this proposal is protecting situations when the IP
address is known to be public.
For completeness, the WiFi case is "simple" to solve because there is
something that is missing in wired connections, the SSID, bringing a
easier to use firewall zones UI to GNOME Settings could help, maybe
instead of listing zones, is should be a simpler "Disable network
sharing" or something like that, that sets the "public" zone on that
WiFi connection.
>
> Second, a solution that works only for IPv4 is not a solution in the
> year 2019. You need to take IPv6 seriously, or you won't be taken
> seriously.
It is my understanding that this is a mailing list where suggestions
could be made, without insinuating some kind of bad faith. I explicitly
stated "some other consideration should be done for IPv6" because in my
country ISPs providing IPv6 are a dream, so I have no way to test or
propose a solution I couldn't try on a real scenario.
>
> Björn Persson
>
>
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
>
>