On 2021/08/30 11:43, David Newall wrote:
> On 28/8/21 2:57 am, Peter Stuge wrote:
> > Damien Miller wrote:
> > > I'm expecting a big fight when I eventually push to remove ssh-dss,
> > FWIW I think that's long overdue, and understand your worry.
>
> I, too, understand your worry, but I also understand why there will be a lot
> of pushback against removing it.
>
> A lot of equipment, perfectly good equipment, expensive equipment, but old
> equipment requires it. Most of it is behind a security appliance so there's
> no real risk is negligible if indeed it's not actually zero.
>
> Removing DSS removes management access to the equipment and the only reason
> is a pedantic complaint that DSS is trivially broken.
>
> Please don't break equipment over well-meaning pedantry.

Oh not this one again.

OpenSSH already removed support for things used by some devices. It is
annoying but the world didn't end - if you need to use some separate
legacyssh binary (sometimes spelt 'p l i n k') to connect it acts as a
good reminder that you're not really using a secure protocol for that
connection.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev