Re: Salsa update: no more "-guest" and more

To: Thomas Goirand <zigo@debian.org>, debian-devel@lists.debian.org
Subject: Re: Salsa update: no more "-guest" and more
From: Bernd Zeimetz <bernd@bzed.de>
Date: Thu, 30 Apr 2020 01:15:50 +0200
Message-id: <[🔎] 76272f9a-c735-1577-6801-94ed2ea42fc8@bzed.de>
In-reply-to: <[🔎] e8b300da-b737-8219-914c-2517976d9421@debian.org>
References: <20200418213339.GB32260@waldi.eu.org> <[🔎] 8555e1c9-2ae9-fc7e-8278-4e4e1bf1b0f1@bzed.de> <[🔎] 20200425164941.4nrgwu636mk564y5@shell.thinkmo.de> <[🔎] B4960B93-DB48-469A-A2A2-6E2D7383D219@bzed.de> <[🔎] 1aa1982f-e333-df39-121c-b7d0ceecaf3c@debian.org> <[🔎] 45946438-59a6-f2f3-98b0-3610c4982441@bzed.de> <[🔎] b8e504e4-5281-5833-750f-f613b26136b4@debian.org> <[🔎] f8de3cfd-6d0b-7806-6d86-7e492898374c@debian.org> <[🔎] d1112a8c-712b-d7f0-5b66-96fc57d26598@debian.org> <[🔎] 6cd09e8d-a16a-9132-6ba7-491074650415@debian.org> <[🔎] e0867d6d-d605-d6a4-2022-bb3a9fb58461@bzed.de> <[🔎] e8b300da-b737-8219-914c-2517976d9421@debian.org>


On 4/28/20 3:20 PM, Thomas Goirand wrote:

> That's not the case. An MITM attack could gain a session and maintain it
> open, while the end user would just notice "oh shit, I miss-typed the
> 2FA numbers, let's try again". Then the only thing the attacker needs to
> do is keep the session open to not loose access...

I hope you realize that no session is open forever.

-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to:

Follow-Ups:
- Re: Salsa update: no more "-guest" and more
  - From: Tomas Pospisek <tpo2@sourcepole.ch>

References:
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Bastian Blank <waldi@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Paride Legovini <paride@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Paride Legovini <paride@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Re: Mass bug filing: dependencies on GTK 2
Next by Date: Advice for key format with Nitrokey Pro 2 (signing, authentication)
Previous by thread: Re: Salsa update: no more "-guest" and more
Next by thread: Re: Salsa update: no more "-guest" and more
Index(es):
- Date
- Thread