David Newall wrote:
> I think a very good question which needs to be asked is, what value
> does disallowing shorter keys bring over severely deprecating them
> (i.e. allowing them by use of command argument on a per-session
> basis)? I cannot see a single benefit; it won't stop use of shorter
> keys, it will just stop use of the latest openssh.

At what point is the security hole so great that "deprecation" is no
longer acceptable? I can point out 20+ year old devices still running
sshv1 only protocol. Do we need to keep this complexity until that
number is zero? Even though it has been broken and known insecure for
decades.

And how many annoying "Do you really want to do this?" type questions do
you prompt the user and assume it is "fine"?

This is an honest question as that seems to be the core of the issue.
What balance between known insecure, complexity (allowing low value keys
in the client, prompting the user to verify they want to do this, and
disabling it in the server), and removing proven insecure features?

Ben
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev