On 2 January 2018 at 02:08, Damien Miller <djm@xxxxxxxxxxx> wrote: > On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > >> On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: >> > Why not make minimum key length a tunable, just as the other options are? >> >> Because the goal of building secure software is to make it easy to >> answer the question "are you using it securely?" > > This is a nice summation of our approach. It's the same reason we've > never implemented the null cipher and also one of the reasons we removed > SSHv1. Yeah, and broke a lot of institutions and forced them to avoid any further updates. Thanks to your broken policy of breaking backwards compatibility the deployment of ssh has gotten a lot more insecure, i.e. you got exactly the opposite of what you wanted to archive. Maybe its time to have another April RFC, with ssh now as target and with your name on it. I'd propose to make it mandatory for all sshv2 implementations too, and implement a 1 bit key and 1 bit password to make sshv2 exactly that what it has become: Broken Ced -- Cedric Blancher <cedric.blancher@xxxxxxxxx> [https://plus.google.com/u/0/+CedricBlancher/] Institute Pasteur _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev