F21 System Wide Change: Default Local DNS Resolver
Paul Wouters
paul at nohats.ca
Wed Apr 30 18:53:27 UTC 2014
On Wed, 30 Apr 2014, Dan Williams wrote:

> Untrusted networks use WPA too, like coffee shops that don't leave the
> network open, but write the WPA key on the chalkboard menu or print it
> on standup cards at the tables. I've seen quite a few of these.

You are at least consciously logging into that network - it is not that
your device accidentally roamed on to it.

> There's really no guessing what's trusted/not-trusted unless you're
> using 802.1x/WPA Enterprise, or if the user has told you explicitly to
> trust this network.

I'm fine with marking anything untrusted unless otherwise signaled by
the user via the NM GUI. But others raised objections that it would
break too much. I argued changing the search list already breaks my
laptop security.

The problem is people have linked up the DHCP domain option with the
resolv.conf domain/search keywords to make "internal only" names
visible.

Between usability and security, where do we put the dial?

Paul