On Wed, 2014-11-12 at 01:43 -1000, Daniel Kahn Gillmor wrote:
> What do other folks think is the right way to improve the default
> behavior here?

I'd probably:
- default UseDNS = no, since it provides a false sense of security
- I'd also go for -u0 per default, even though one should probably
  double check if that might somehow affect logging as used by
  prominent software like fail2ban
- not sure what to do about from="pattern-list"... perhaps adding a
  warning there that using domain names may be insecure anyway...
  perhaps adding a further option that enables/disables DNS for it?

Apart from that, UseDNS seems to be kinda a misnomer... normally I'd
expect from the name that if I say UseDNS=no, then DNS is never used.
But actually it's something different...

Cheers,
Chris.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
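An added example, not part of the original message or of OpenSSH: a small Python audit that lists the from= patterns in an authorized_keys file that name hosts rather than addresses, i.e. the entries whose enforcement depends on the reverse DNS lookup discussed above. The function names and the sample keys and hosts are assumptions constructed for illustration.

```python
import ipaddress
import re

# Leading options field of an authorized_keys line (quoted values may hold spaces).
OPTIONS_RE = re.compile(r'^((?:[^\s"]|"[^"]*")+)\s')
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"', re.IGNORECASE)
V4_WILDCARD_RE = re.compile(r'^[0-9.*?]+$')
V6_WILDCARD_RE = re.compile(r'^[0-9A-Fa-f:.*?]*:[0-9A-Fa-f:.*?]*$')


def is_address_pattern(pattern):
    """True if the pattern can be matched against the peer address alone."""
    p = pattern.lstrip("!")
    try:
        ipaddress.ip_network(p, strict=False)   # literal address or CIDR
        return True
    except ValueError:
        return bool(V4_WILDCARD_RE.match(p) or V6_WILDCARD_RE.match(p))


def dns_dependent_from_patterns(authorized_keys_text):
    """Return (line_number, pattern) for each from= pattern naming a host."""
    findings = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options = OPTIONS_RE.match(line)
        restriction = FROM_RE.search(options.group(1)) if options else None
        if not restriction:
            continue
        for pattern in restriction.group(1).split(","):
            pattern = pattern.strip()
            if pattern and not is_address_pattern(pattern):
                findings.append((lineno, pattern))
    return findings


# Constructed sample file; keys and hosts are placeholders.
SAMPLE = '''\
from="192.0.2.10,198.51.100.0/24" ssh-ed25519 AAAAC3PLACEHOLDER backup@a
from="*.example.org,!bad.example.org" ssh-ed25519 AAAAC3PLACEHOLDER ops@b
command="/bin/true",from="2001:db8::/32,10.1.*" ssh-rsa AAAAB3PLACEHOLDER c
ssh-ed25519 AAAAC3PLACEHOLDER from="comment.example.net"
'''

if __name__ == "__main__":
    for lineno, pattern in dns_dependent_from_patterns(SAMPLE):
        print(f"line {lineno}: from= pattern {pattern!r} relies on reverse DNS")
```

Only the leading options field is inspected, so text in the key comment that looks like a from= option (last sample line) is not reported.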