I think it's entirely reasonable to have a default setting of 1024 bits
for the minimum key size. That satisfies the requirement of trying to
prevent human mistakes. But if you really want to go and override the
recommended settings, that's your business.

For instance, both curl and wget have options to not check the SSL
certificate. That essentially obviates SSL since MitM attacks become
trivial. Firefox allows you to do this as well, though it's obscure:
https://www.techwalla.com/articles/how-to-disable-invalid-ssl-in-firefox

On 12/29/19 3:46 AM, Philipp Marek wrote:
Unix was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things.
- Doug Gwyn, in Introducing Regular Expressions (2012) by Michael
Fitzgerald
Please note that this mostly applies to the privileged administrative
account - as long as you're a normal user the other users should be
protected from your mistakes. (g+w etc. is already "extended rights" ;)
In engineering, one of the major points is to foresee potential human
mistakes - and to take precautions to prevent them.
I see that SSH key length issue as similar to operating big machinery -
you're protected as long as you use it normally; to tear a limb off
you need to become inventive.
(Search the internet for images "two-hand control".)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev