Date:      Tue, 10 Oct 2000 13:48:41 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Kris Kennaway <kris@citusc.usc.edu>, Terry Lambert <tlambert@primenet.com>, arch@FreeBSD.org, Poul-Henning Kamp <phk@critter.freebsd.dk>, Warner Losh <imp@village.org>, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <Pine.NEB.3.96L.1001010133649.28422C-100000@fledge.watson.org>
In-Reply-To: <200010101729.e9AHTe913811@earth.backplane.com>


On Tue, 10 Oct 2000, Matt Dillon wrote:

>     Most people don't care, they just type 'yes' when ssh complains about
>     seeing a new host for the first time and it gets recorded.  So why should
>     they care on a first-time install?  I certainly don't care...  while it
>     is entirely proper for ssh to complain, it doesn't follow that a sysop
>     has to listen to it.  
> 
>     This is certainly not a show stopper.  Besides, you get no assurances at
>     all with telnet so this point isn't really relevant to the discussion.

It was my distinct impression we were talking about secure remote log-ins,
not administrators ignoring proper security procedures.  I'm sorry to hear
that Best was vulnerable to man-in-the-middle attacks, but I'm not sure
that has any bearing on the conversation (and it's probably not something
you want to share on public mailing lists). 

The point in bringing it up was that unless you go through the proper
keying procedure, you don't gain much by switching to a keyed protocol
from an un-keyed one.  If we have a system in which it is impossible to
follow the correct procedure, then it's arguable that forcing people to
use the keyed protocol has no security benefit.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
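
The keying procedure discussed in the message above, sketched as an added example that is not part of the original e-mail or of any project's code: a host key is accepted only if its fingerprint matches one obtained over a trusted channel, instead of typing 'yes' at the first-contact prompt. It assumes the modern OpenSSH `SHA256:` fingerprint format; the host name, the keys and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(host: str, raw_key: bytes) -> str:
    """Build a known_hosts-style line for a constructed ed25519 key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprint(line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a known_hosts-style line."""
    _host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    # The key type named on the line must match the type inside the blob.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def accept_host_key(line: str, trusted_fp: str) -> bool:
    """Accept the offered key only if it matches the out-of-band fingerprint."""
    return hmac.compare_digest(fingerprint(line).encode(), trusted_fp.encode())


# Constructed sample data: the key the server really holds, and a different
# key offered by something sitting between client and server.
GENUINE = make_pubkey_line("host.example", bytes(range(32)))
IMPOSTOR = make_pubkey_line("host.example", bytes(range(1, 33)))
# Stands in for the fingerprint read from the console or a signed message.
TRUSTED_FP = fingerprint(GENUINE)

if __name__ == "__main__":
    for label, line in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        verdict = "accept" if accept_host_key(line, TRUSTED_FP) else "REJECT"
        print(f"{label}: {fingerprint(line)} -> {verdict}")
```

Without `TRUSTED_FP` coming from a separate trusted channel, both keys look equally plausible on first contact, which is the situation the message describes.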



