I fully agree with Steve here, and dislike developers' attitude of "We know what's good for you, and since you don't/can't have a clue - we won't trust you with decisions".
Well, I'm on the developers' side. They need to produce a product that _now_ gets installed in some embedded device and is expected to be still secure in 15 years and longer - as this thread proves. So the emphasis _must_ be on conservative defaults. But I've been on the other side as well 20 years ago, trying to run SSH on a 200MHz RISC machine... Engineering sometimes needs trade-offs, yeah.
Minimal key size should have a "reasonable" default, and an explicit config parameter to override it and set to whatever value that *specific* installation needs.
No, that's too easy. I've seen too many decisions made on such a basis - "just configure security down until it works" - but these invariably lead to disaster. Still, recompilation has a too variable cost (in the dependencies) - it's hard to be sure that you _only_ changed that one constant and didn't forget something that ./configure would have found etc.
There's no way the developers can know or evaluate every possible use case or related threat model -
No, they don't. They only know the most common 90%, of which eg. _I_ probably only know 20%.
so they shouldn't behave as if they do...
Well, like a parent they try to save you from bad decisions. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
