From owner-freebsd-hackers  Tue Apr 23  3:22:50 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from www.example.org (dhcp-nic-val-26-130.cisco.com [64.103.26.130])
	by hub.freebsd.org (Postfix) with SMTP id 1FD6637B400
	for <hackers@freebsd.org>; Tue, 23 Apr 2002 03:22:36 -0700 (PDT)
Received: (qmail 9451 invoked by uid 1000); 23 Apr 2002 10:22:31 -0000
Message-ID: <20020423102231.9450.qmail@cobweb.example.org>
Date: Tue, 23 Apr 2002 12:22:31 +0200
From: Marco Molteni <molter@tin.it>
To: hackers@freebsd.org
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
In-Reply-To: <20020423093826.GA58411@mithrandr.moria.org>
References: <rwatson@FreeBSD.ORG>
	<11670.1019530386@winston.freebsd.org>
	<20020423131646.I6425@wantadilla.lemis.com>
	<200204231009.51297.j.kossen@home.nl>
	<20020423183452.M6425@wantadilla.lemis.com>
	<20020423211359.D48271@cs.waikato.ac.nz>
	<20020423093826.GA58411@mithrandr.moria.org>
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Tue, 23 Apr 2002 11:38:26 +0200, Neil Blakey-Milner <nbm@mithrandr.moria.org> wrote:

> On Tue 2002-04-23 (21:13), Joerg Micheel wrote:

[..]

> > The system has to work right away, when installed out of the box. Period.
> > No when's and if's. And don't tell me that X11 is an add-on and luxury.
> > We are living in the 21st century.
> 
> There are people who will tell people that still use X11 tcp sockets to
> start living in the 21st century.  ssh X11 forwarding still works, it's
> only the (often much lower security) tcp sockets that are disabled by
> default.  (And if the "none" cipher is available, the overhead would be
> minimal for even the most underpowered machine.)

[..]

I completely agree with Neil. Being scared by X11 access mechanisms, I
always disabled the TCP listen of the X server, and I always used ssh
with X forwarding.

marco

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message