Brian Quinion

6 comments by Brian Quinion

Would it be safe to: 1) allow export but not include the settings_password key so that it isn't so easy to recover the password 2) disable import without a passcode...

All AAPS network traffic should be transported over https and as such I wouldn't expect this to matter. I'm assuming you disagree; could you explain why?

@dlvoy enforcing https sounds like a quick mitigation to a lot of these issues. I'll create a PR for discussion.

Could you give an example of a practical MITM attack on TLS that doesn't involve either a corporate network installing their own certificate (which the user should be aware of)...

@asquelt you can't obtain a LE certificate without already having control of the target DNS/server. Systems like banks trust this level of security without issue and with a much higher...

@dlvoy This is also my concern (that this is black magic to most users). Certificate pinning could result in a warning (or even worse NS being blocked) every time LE...