From owner-freebsd-hackers Mon Apr 22 21:52:40 2002
Delivered-To: freebsd-hackers@freebsd.org
Message-Id: <200204230452.g3N4qSiK049303@intruder.bmah.org>
X-Mailer: exmh version 2.5+ 20020416 with nmh-1.0.4
To: "Greg 'groggy' Lehey"
Cc: hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
In-reply-to: <20020423131646.I6425@wantadilla.lemis.com>
References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>
Comments: In-reply-to "Greg 'groggy' Lehey" message dated "Tue, 23 Apr 2002 13:16:46 +0930."
From: "Bruce A. Mah"
Reply-To: bmah@FreeBSD.ORG
X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif
X-Url: http://www.employees.org/~bmah/
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 22 Apr 2002 21:52:28 -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[CC list trimmed]

If memory serves me right, "Greg 'groggy' Lehey" wrote:

> 2. Document these things very well. Both this ssh change and the X
> without TCP change are confusing. If three core team members were
> surprised, it's going to surprise the end user a whole lot more.

The SSH change happened before 4.5-RELEASE, but wasn't documented. I
admit to having been totally unaware of this change at the time. green
and I made several attempts at an item for the errata, which, while not
perfect, does give some workarounds for the problem, including almost
every one mentioned in this thread. So far, it looks like precious few
people on this thread actually read it. :-(

> We should at least have had a HEADS UP,

Having run into the SSH change myself, I agree. I haven't bumped into
the "X without TCP" change.

> and we probably need a
> security policy document with the distributions.

Hmmm. Still trying to wrap my mind around this concept, but I'm worried
that people won't read *that* document either. In any case, someone
needs to maintain it to make sure it doesn't get stale.

Cheers,

Bruce.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message