~sircmpwn/gmni-devel

gmnlm: use 'trust always' as default in TOFU prompt v1 REJECTED

Ondřej Fiala <temp.xanomes@volny.cz>
1 year, 8 months ago 
Ondřej Fiala: 1
 gmnlm: use 'trust always' as default in TOFU prompt

 1 files changed, 5 insertions(+), 3 deletions(-)
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git: 

curl -s https://lists.sr.ht/~sircmpwn/gmni-devel/patches/27891/mbox | git am -3
Learn more about email & git
Reply to thread View this thread in the archives

[PATCH] gmnlm: use 'trust always' as default in TOFU prompt Export this patch

Ondřej Fiala <temp.xanomes@volny.cz>
1 year, 8 months ago 
---
The TOFU prompt seems to encourage choosing the 'trust always' option
unless the user knows better. In such cases, it is common to default to
such option when no explicit choice is provided by the user.

To me, this seems to make the UX feel much closer to clients that don't
ask at all, while retaining the security benefits.

I considered also modifying the prompt to make this behavior more
visible, but I am not sure about a good way to do it. I am afraid that
capitalizing the first letter, which is the convention, could be
misunderstood by users in this context. Please let me know what you
think about this.

 src/gmnlm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/gmnlm.c b/src/gmnlm.c
index 710473b..73c3230 100644
--- a/src/gmnlm.c
+++ b/src/gmnlm.c
@@ -1125,12 +1125,14 @@ tofu_callback(enum tofu_error error, const char *fingerprint,
			free(line);
			return TOFU_FAIL;
		}
		if (line[1] != '\n') {

		char c = line[0];
		if (c == '\n') {
			return TOFU_TRUST_ALWAYS;
		} else if (line[1] != '\n') {
			free(line);
			continue;
		}

		char c = line[0];
		free(line);

		switch (c) {
-- 
2.34.1
Drew DeVault <sir@cmpwn.com>
1 year, 8 months ago 
NACK. I think this makes the behavior betray the user's expectations.