From owner-svn-src-head@freebsd.org Sun Aug 7 13:21:15 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8F624BB0BDE for ; Sun, 7 Aug 2016 13:21:15 +0000 (UTC) (envelope-from mailing-machine@vniz.net) Received: from mail-lf0-f50.google.com (mail-lf0-f50.google.com [209.85.215.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 17AAC12E6 for ; Sun, 7 Aug 2016 13:21:14 +0000 (UTC) (envelope-from mailing-machine@vniz.net) Received: by mail-lf0-f50.google.com with SMTP id g62so230874323lfe.3 for ; Sun, 07 Aug 2016 06:21:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=ie9mxW4XNrrm9NpAXKKiJwMNTtf+noAIuZwt8h+uo84=; b=DRBQfezqcrnyoVr5AtgGKUtKlYWcNoQZ3w/rXNyOfJGPXM4NGaP27+9A/a/afwtM64 hajaz11Fl3lp3Uyt1OF5J97I6JNWfH/El28O1rpdM1/V9QGBkgES7du4+VdULkBeMR0U qHQYWYwPvEH8LWIcslQhBxGr6S2AWqEV+JX4ePpxR42plJUvGssVGBGpCXK7gBKSRLvl keOsaH/bftG2LBi4DRSCSwCoCSXgEk9krd9jzyALRjKYH1Wf+hZ8UFjc+p9159tmmwu2 ztWDSFtvUivfXi+WhMxt1sLv35X7mnvhqPXlZa0RgVVMRsVeEfGDIcdyHp+NuEfIXbqh 4Wug== X-Gm-Message-State: AEkooutbpjQoAfAqz4Tv1G/gNnMwdZE8ZwUrtA4YfB/07rakB3+5JGg2bN9o12Rx3iUWBg== X-Received: by 10.46.9.71 with SMTP id 68mr24828233ljj.0.1470576067370; Sun, 07 Aug 2016 06:21:07 -0700 (PDT) Received: from [192.168.1.2] ([89.169.173.68]) by smtp.gmail.com with ESMTPSA id p128sm4772418lfb.32.2016.08.07.06.21.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Aug 2016 06:21:06 -0700 (PDT) Subject: Re: svn commit: r303716 - head/crypto/openssh To: Slawa Olhovchenkov References: <201608031608.u73G8Mjq055909@repo.freebsd.org> <9a01870a-d99d-13a2-54bd-01d32616263c@fastmail.net> <30e655d1-1df7-5e2a-fccb-269e3cea4684@freebsd.org> <20160807125227.GC22212@zxy.spb.ru> Cc: Bruce Simpson , Oliver Pinter , svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= From: Andrey Chernov Message-ID: <7237f5e6-fd65-a7e5-7751-4ed1c464b39a@freebsd.org> Date: Sun, 7 Aug 2016 16:21:05 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160807125227.GC22212@zxy.spb.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Aug 2016 13:21:15 -0000 On 07.08.2016 15:52, Slawa Olhovchenkov wrote: >> You should address your complains to original openssh author instead, it >> was his decision to get rid of weak algos. In my personal opinion, if >> your hardware is outdated, just drop it out. > > Hardware outdated by outdated main function, not by outdated ssh > upstream. There are too many reason for outdating hardware without losing its main function in real world. But I don't want to conduct a lecture. As I already say, it is just my personal opinion. > >> We can't turn our security >> team into compatibility team, by constantly restoring removed code, such >> code quickly becomes outdated and may add new security holes even being >> inactive. > > What is security hole by present this ciphers in _client_? It is obvious, but it will be better for you to ask openssh author about his decisions, I have no intention to act like explainer of his action.