[sane-devel] Remove user authorization support from net backend / saned frontend?

Ralph Little skelband at gmail.com
Sat Apr 9 17:36:26 BST 2022


Hi,

On 2022-04-08 06:19, Julian H. Stacey wrote:
>>      Or, more likely: is that the same password the individual uses to
>>      log into their system? Or to access their e-mail? Or (hopefully not)
>>      their bank account?
>>
>>      That is why it is actually better to use no authentication, than to
>>      allow weak authentication.
> It would be unfitting & intolerant to deny weak authentication when
> we are ignorant of local environments.
>
> We don't know people's local subnets, firewalls, VPNs, local user
> community of colleagues & co-residents & family, & their skill
> levels (both admins to configure, & users who might [or not] have
> skills to sniff packets, & what devices with sniffer apps might or
> not be able to connect to subnets).
>
> In ignorance of user environments, we should not force others to strong
> or none by removing weak. Just offer suggestions & examples at install.
>
> Cheers,

My personal opinion is that we should provide the best protection for 
our users that is reasonable whilst not significantly increasing the 
costs of setup for users.
We do fairly regularly get users asking questions about how to set up 
the saned/net backend scenario and it is not as straightforward as it 
might perhaps be.

I do think that this is a useful discussion however.

In the current computing world, we are moving to a no-trust default, 
whether or not individual users believe that their network has much of a 
threat profile.
Modern attacks are increasingly clever viral payloads that attempt to 
spread themselves throughout internal network nodes.
I don't personally believe it likely that there are threats out there 
actively looking at the SANE net protocol though. Perhaps I am wrong 
about that. I don't know.

If we can provide an alternative to what is currently supported that 
provides secure authentication then I believe that would be a worthwhile 
thing.
We should consider backwards compatibility though, with a view to 
eventually removing the current regime once a new, better method has 
been established, if someone were keen to take that on.

We should also be considerate of any other implementations of the net 
protocol to see if there would be problems there. I'm thinking of some 
of the other language implementations.
I do know that there is at least a Dart implementation: we had some 
discussion on GitLab about it some time ago. There may be others.

Cheers,
Ralph
