Re: Settable minimum RSA key sizes on the client end for legacy devices.

On 27/12/19 6:16 pm, Philipp Marek wrote:
>> I fully agree with Steve here, and dislike developers' attitude of "We
>> know what's good for you, and since you don't/can't have a clue - we
>> won't trust you with decisions".
>
> Well, I'm on the developers' side.
> They need to produce a product that _now_ gets installed in some
> embedded device and is expected to be still secure in 15 years and
> longer - as this thread proves.

What this thread proves is that we didn't make a SSH that was secure for
15 years.  We did attempt to break old systems; how rude of us.  We
shouldn't do that.

>> Minimal key size should have a "reasonable" default, and an explicit
>> config parameter to override it and set to whatever value that
>> *specific* installation needs.
>
> No, that's too easy.

It's not a bad idea.

> I've seen too many decisions made on such a basis - "just configure
> security down until it works" - but these invariably lead to disaster.

Hyperbole much?  No need for...

> Well, like a parent they try to save you from bad decisions.

...arrogance.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



