Re: Legacy option for key length?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



If you mean put zero warnings and not 'wait until there are zero users'
then I see in that a tacit agreement that indeed there comes a time when
the userbase is small enough that it warrants removal/disablement
(especially if there is a security concern, even more especially in
security related software). Then it's just a question of when, and as is
their custom and prerrogative, OpenSSH chose earlier than you would have
liked in this case. Making such judgement calls is partially what made them
the popular SSH client/server that they are.

2018-01-02 2:16 GMT-05:00 Haven Tristan Hash <havenster@xxxxxxxxx>:

>
>
>> I think zero.
>
>
> That seems like a pretty untenable position.
>
> Note that a less extreme stance than this (0!) still led OpenSSL to
> support VMS, Netware and 16-bit Windows into 2014 and beyond. Creating a
> larger, more complex codebase which contributed to security problems.
> Security being the entire point, this was deemed by others (OpenBSD from
> whence comes this very OpenSSH) to be counter-productive. OpenBSD then
> forked and removed said support. So their philosophy on removing insecure
> baggage is pretty clear and consistent.
>
> It seems like you grant the point that the 768 bit keys are insecure and
> you don't mind, in which case you likely already have an easily accesible
> command line option to access these devices called telnet.
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux