
Re: Request for review: fwknop package

Quoting Franck Joncourt (franck.mail@dthconnex.com):

> _Description: Configure fwknop to protect the SSH port?
> The FireWall KNock OPerator daemon has not been set up yet. This install
> process can configure fwknopd to protect the SSH port with a simple

I'm generally not fond of "this install process" or anything referring
to what's happening.

I'd suggest a more neutral wording such as "The fwknopd daemon may be
configured to protect..." or "You can choose to configure fwknopd to..."

> Rijndael shared key, but moving to a GnuPG setup is recommended. Setting
> up GnuPG for SPA communications involves a few manual steps that are
> described in the fwknop documentation. In the meantime, using Rijndael
> for SPA encryption and decryption provides decent security.
> [...]
> _Description: Sniffing interface:
> By default, fwknop-server uses libpcap, and needs to know which Ethernet
> interface should be put in promiscuous mode.

In my nitpicking mode, I'd say that programs "know"
nothing..:-)...you *instruct* them to do something.

"and should be configured to set the sniffing interface in promiscuous

I also wonder what value is added by saying that the program uses
libpcap here. The important point is that we want to know the
interface name....

What about:

_Description: Sniffing interface:
 Please specify which Ethernet interface should be put in promiscuous mode.

> [...]
> _Description: Encryption key to use:
> By default, SPA packets are encrypted with the Rijndael block cipher,
> which requires an encryption key. This password must be at least eight
> characters in length.

The prompt asks for an encryption key but the text talks about a
password. That's slightly inconsistent.

