[Openvas-commits] r1529 - trunk/doc/website

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Oct 13 12:48:23 CEST 2008


Author: mwiegand
Date: 2008-10-13 12:48:23 +0200 (Mon, 13 Oct 2008)
New Revision: 1529

Added:
   trunk/doc/website/openvas-cr-17.htm4
Modified:
   trunk/doc/website/openvas-cr-16.htm4
   trunk/doc/website/openvas-crs.htm4
Log:
Updated CR #16, added CR #17.


Modified: trunk/doc/website/openvas-cr-16.htm4
===================================================================
--- trunk/doc/website/openvas-cr-16.htm4	2008-10-13 02:34:58 UTC (rev 1528)
+++ trunk/doc/website/openvas-cr-16.htm4	2008-10-13 10:48:23 UTC (rev 1529)
@@ -28,7 +28,7 @@
 PAGE_START
 <h2>OpenVAS Change Request #16: OpenVAS-Client: Do not automatically enable new NVTs</h2>
 
-Status: In discusssion.
+Status: In discusssion, Voted +4.
 
 <h3>Purpose</h3>
 
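Review bot: The new Status line keeps the misspelling "discusssion" (three s) from the line it replaces; since the line is being rewritten anyway, correct it to "In discussion, Voted +4." It would also help to say whether a +4 vote leaves the CR open, because the status still reads as in discussion after the vote.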
@@ -102,6 +102,8 @@
 <h3>History</h3>
 
 <ul>
+<li> 2008-10-13 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
+     Updated voting result.</li>
 <li> 2008-10-09 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
      Updated text.</li>
 <li> 2008-10-08 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
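Review bot: The added history entry says only "Updated voting result." and omits the result itself. Recording the tally here (the Status line in this commit says Voted +4) would keep the history readable on its own once the status line changes again.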

Added: trunk/doc/website/openvas-cr-17.htm4
===================================================================
--- trunk/doc/website/openvas-cr-17.htm4	2008-10-13 02:34:58 UTC (rev 1528)
+++ trunk/doc/website/openvas-cr-17.htm4	2008-10-13 10:48:23 UTC (rev 1529)
@@ -0,0 +1,101 @@
+m4_dnl -*-html-*-
+m4_include(`template.m4')
+
+m4_dnl OpenVAS
+m4_dnl $Id$
+m4_dnl Description: OpenVAS Change Request #17
+m4_dnl
+m4_dnl Authors:
+m4_dnl Michael Wiegand <michael.wiegand at intevation.de>
+m4_dnl
+m4_dnl Copyright:
+m4_dnl Copyright (C) 2008 Intevation GmbH
+m4_dnl
+m4_dnl This program is free software; you can redistribute it and/or modify
+m4_dnl it under the terms of the GNU General Public License version 2,
+m4_dnl as published by the Free Software Foundation.
+m4_dnl
+m4_dnl This program is distributed in the hope that it will be useful,
+m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+m4_dnl GNU General Public License for more details.
+m4_dnl
+m4_dnl You should have received a copy of the GNU General Public License
+m4_dnl along with this program; if not, write to the Free Software
+m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+PAGE_START
+<h2>OpenVAS Change Request #17: OTP: Make NVT signatures available to OpenVAS-Client</h2>
+
+Status: In discusssion.
+
+<h3>Purpose</h3>
+
+<p>
+  To make NVT signatures more transparent to the user and ultimately enable the
+  user to verify the trust set in the NVTs.
+</p>
+
+<h3>References</h3>
+
+<p>
+</p>
+
+<h3>Rationale</h3>
+
+<p>
+  In the current implementation, NVT signatures are verified by OpenVAS-Server.
+  The server can be configured to enable only signed and trusted NVTs and will
+  in that case only transmit those NVTs to the client which are signed with a
+  trustworthy signature.
+</p>
+
+<p>
+  This behavior leaves no way for the user to verify who signed which NVT and
+  prevents him from making up his own mind regarding the trustworthiness of the
+  NVTs he is about to execute since the signature information is not transmitted
+  to the client.
+</p>
+
+<p>
+  A better option would be to provide the OpenVAS client (and therefore the user)
+  with more information regarding plugin signatures.
+</p>
+
+<h3>Effects</h3>
+
+<p>
+  This change would add a protocol elements to OTP 1.0 which enable the server
+  to transmit signature and trust data to the client and would introduce handling
+  for this new element in the appropriate places. It would also extend the client
+  GUI to display the information received from the server to the user.
+</p>
+
+
+<h3>Design and Implementation</h3>
+
+<p>
+  The signature information could be included in the PLUGIN_INFO and PLUGIN_LIST
+  message types as a last element; this would probably be the easiest solution.
+  Alternatively, a new message type (like PLUGIN_SIGNATURE) could be introduced.
+</p>
+
+<p>
+  Before transmitting information regarding the individual NVT signatures, the
+  server should transmit all the certificates (public keys) it knows with a value
+  indicating whether it trusts this certificated or not.
+</p>
+
+<p>
+  A good place to display information regarding the NVT signature would be the
+  information dialog for the individual NVT located in nessus/plugin_infos.c in
+  the client.
+</p>
+
+<h3>History</h3>
+
+<ul>
+<li> 2008-10-13 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
+     Initial text.</li>
+</ul>
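Review bot: The Design and Implementation section has the server send each certificate "with a value indicating whether it trusts" it, but never states whether the client verifies NVT signatures itself or only displays the server's verdict. The Purpose promises to let the user "verify the trust set in the NVTs", and a displayed verdict alone does not deliver that, since the client would still rely entirely on what the server reports. Suggest stating exactly what is transmitted per NVT (the signature itself, a signer identifier, or only a trust flag) and what, if anything, the client checks. The Effects section adds an element to OTP 1.0, and the design appends it "as a last element" to PLUGIN_INFO and PLUGIN_LIST, without saying how a client that does not expect the extra element behaves; a sentence on compatibility would help. Minor: "discusssion", "a protocol elements" and "this certificated" are typos, and the References section is an empty paragraph.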

Modified: trunk/doc/website/openvas-crs.htm4
===================================================================
--- trunk/doc/website/openvas-crs.htm4	2008-10-13 02:34:58 UTC (rev 1528)
+++ trunk/doc/website/openvas-crs.htm4	2008-10-13 10:48:23 UTC (rev 1529)
@@ -60,6 +60,7 @@
 <li> <a href="openvas-cr-14.html">OpenVAS Change Request #14: OpenVAS-Client: Remove source code copy of gdchart and gd</a> (done)
 <li> <a href="openvas-cr-15.html">OpenVAS Change Request #15: OpenVAS Server: Remove features for detached scans</a> (in progress)
 <li> <a href="openvas-cr-16.html">OpenVAS Change Request #16: OpenVAS-Client: Do not automatically enable new NVTs</a> (in discussion)
+<li> <a href="openvas-cr-17.html">OpenVAS Change Request #17: OTP: Make NVT signatures available to OpenVAS-Client</a> (in discussion)
 </ul>
 
 <h3>How to write a change request</h3>
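Review bot: The CR #16 entry in the context line directly above the added list item still reads "(in discussion)", while this same commit changes the CR #16 page status to "Voted +4". Consider updating the index entry in the same change so the two pages agree.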


