Message-ID: <5702030e-0478-49e4-9b54-8a0d54d9d340@proxmox.com>
Date: Fri, 22 Aug 2025 10:10:17 +0200
From: Thomas Lamprecht
To: Lukas Wagner, Proxmox Datacenter Manager development discussion, Dominik Csapak
References: <20250821084229.1523597-1-d.csapak@proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager v3 00/23] ] improve remote wizard
List-Id: Proxmox Datacenter Manager development discussion

On 21/08/2025 13:45, Lukas Wagner wrote:
> On Thu Aug 21, 2025 at 10:39 AM CEST, Dominik Csapak wrote:
>> ## Fingerprint confirmation dialogs
>>
>> Not sure if we want to be able to let the user confirm the fingerprint
>> so easily. On one hand it's very convenient, but maybe leads to users
>> simply clicking yes without understanding what's happening.
>>
>> If it's deemed too dangerous, I'd rework the series without this.
>
> As said in v2, I think it's fine to have such a dialog, but I'd like to
> hear some other opinions before we apply this.
>
> @Thomas, do you have an opinion on this?

+1, there's only so much one can do and Trust On First Use (TOFU) is a
widely established principle (e.g. SSH's host key verification).

Furthermore, having this now does not hinder us from improving it in the
future, like through some encoded "remote join info" that can be copied
from the PVE system, which would also include the fingerprint.
Note that doing so does not really reduce the risk of a MITM attack
vector, because if an attacker can MITM the connection between PDM and
PVE, then it's equally likely that they can also MITM the one between
the admin's browser and PVE. IMO one option is not inherently more
likely/easier to happen than the other; the only bigger (security)
benefit of a "remote join info" would be reusing the trust the admin's
(browser) has with the PVE system already, besides that it's mostly for
convenience.

FWIW, we could improve how we show the current fingerprint in general.
Currently it's viewable through the Certificate view in the node UI, but
one needs to open an extra window and one also needs to know which cert
to check, because if pveproxy-ssl.pem exists (e.g. ACME set up) that one
is used, otherwise it's pve-ssl.pem. So just showing the fingerprint
column by default is IMO not that big of a help; maybe adding a short
panel at the top detailing the relevant TLS details for a direct API
connection, which mostly is the fingerprint though.

Anyhow, that's orthogonal to this. As said above, having such a dialogue
is certainly fine for now: it's common industry practice, doesn't lock us
in, admins that do care about security can still ensure it's safe, and
for all others it's hard to rule out the MITM vector completely. Maybe
some challenge response between PVE and PDM might help, but again, that
can still be done in the future.

>
>> # Future work
>>
>
> [snip]
>
>> ui/src/remotes/wizard_page_connect.rs | 314 +++++++++++++++++---------
>> ui/src/remotes/wizard_page_info.rs | 121 +++++-----
>> ui/src/remotes/wizard_page_nodes.rs | 239 +++++++++++++++++++-
>> ui/src/remotes/wizard_page_summary.rs | 5 +-
>> ui/src/widget/mod.rs | 3 +
>> ui/src/widget/pve_realm_selector.rs | 123 ++++++++++
>> 15 files changed, 872 insertions(+), 203 deletions(-)
>> create mode 100644 ui/src/widget/pve_realm_selector.rs
>
> Gave this one another go. Code looks good to me, only two minor
> complaints about outdated doc comments and one question about the
> permissions for the tls-probe endpoint (see individual patches).
>
> Consider this:
>
> Reviewed-by: Lukas Wagner
>
> Also tested this again, found two small issues:
> - Seems like the realm selector is still not disabled when "Use
> existing token" is selected
> - When you modify something in the "Endpoints" tab (e.g. the IP
> address for some endpoint), go back to "Settings" and then back to
> "Endpoints", the changes are lost - I guess in this case the info is
> fetched again from the API and the changes overwritten.
>
> These could also be fixed in a follow-up, since these do not impede the
> core functionality of the dialog, IMO.

_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
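An added illustration of the TOFU model discussed in the thread (not code from this series, PDM or PVE): the SHA-256 fingerprint an admin would compare, the pveproxy-ssl.pem/pve-ssl.pem selection the mail describes, and a known_hosts-style pin check that only pins after an explicit confirmation and refuses on mismatch. The function names, the colon-separated uppercase format and the certificate bytes are assumptions or constructed stand-ins.

```python
import base64
import hashlib
import os

# Constructed stand-in bytes (not a real certificate); only the hashing needs them.
FAKE_DER = b"constructed stand-in, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body (no ASN.1 parsing)."""
    body = [ln for ln in pem.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, colon-separated uppercase (assumed to match
    the form shown in the PVE certificate view)."""
    hexdigest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def served_cert_path(cert_dir: str) -> str:
    """pveproxy uses pveproxy-ssl.pem when it exists (e.g. ACME set up),
    otherwise pve-ssl.pem; that is the file whose fingerprint to compare."""
    custom = os.path.join(cert_dir, "pveproxy-ssl.pem")
    return custom if os.path.exists(custom) else os.path.join(cert_dir, "pve-ssl.pem")


class FingerprintMismatch(Exception):
    """Pinned and presented fingerprints differ: refuse, never re-pin silently."""


def verify_tofu(pins: dict, remote: str, presented: str, admin_confirmed: bool) -> str:
    """Trust-on-first-use check in the spirit of SSH known_hosts: `pins` maps a
    remote id to its confirmed fingerprint. First contact stores a pin only if
    the admin confirmed the dialog; later contacts must match it exactly.
    Returns "pinned" or "match", raises otherwise so the caller shows both values."""
    presented = presented.strip().upper()
    known = pins.get(remote)
    if known is None:
        if not admin_confirmed:
            raise PermissionError(f"{remote}: first contact, fingerprint not confirmed")
        pins[remote] = presented
        return "pinned"
    if known != presented:
        raise FingerprintMismatch(f"{remote}: pinned {known}, presented {presented}")
    return "match"
```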