Date: Wed, 11 Oct 2000 15:02:49 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Marius Bendiksen <mbendiks@eunet.no>, arch@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <200010112202.e9BM2ns23441@earth.backplane.com> References: <88823.971294422@critter>
next in thread | previous in thread | raw e-mail | index | archive | help
:In message <200010111905.e9BJ59X21786@earth.backplane.com>, Matt Dillon writes:
:
:> There's being 'reasonable' and there's being 'unreasonable'. This
:> type of argument doesn't wash when the reasonable thing to do, with
:> the availability of ssh, is to make things 'reasonably secure' by
:> default. You can't ask for more, but neither should you require
:> less. The lowest common denominator is not telnet or ftp any more.
:
:Matt, we can make things very secure by default by not starting any
:network processes and no gettys. That way people are forced to boot
:single user first time and configure their system.
:
:While people like you seem to prefer such "perfect" solutions, others
:recognize that they just *might* harm our market acceptance.
:
:Suggest you switch to OpenBSD, I think they would be more supportive
:of your approach.
:
:--
:Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
:phk@FreeBSD.ORG | TCP/IP since RFC 956
I really have to take exception to such an idiotic posting by Poul,
whos seems to be trying to puts words in my mouth that I have not
said... in fact, Poul knows very well that I am not advocating an
OpenBSD-style position. He also knows very well that I am not the
type of person to take such remarks sitting down.
I never once said or intimated that we should force people to boot
single user first time and configure their systems. I never once said
or intimated that we should go to the extremes OpenBSD goes to.
I've said one thing and one thing only: That SSH is now enough of a
defacto standard that it obsoletes rlogind and telnetd. I will also add
that today's network environment is a hell of a lot more hostile then
the networking environment as of the time rlogind and telnetd were
written. I believe, strongly, that ignoring the hostility of the network
environment (whether you are installing rack mount boxes on a switched
LAN or otherwise) and continuing to embrace, as a default means to
configure a remote box, protocols that are not secure, is just plain
stupid.
I hold this position, but the position itself does NOT imply that I hold
to always having to take the most extreme measures. Hence my comment
in regards to ssh learning new host keys (and people saying 'yes' when
ssh asks). I do not know a single person who pre-sets his known_hosts
file by obtaining a host key through an alternative path. Not one.
Why? Because while man-in-the-middle attacks are possible, the possibility
of them happening for the very first connection made to some host is
so remote that spending the extra time to get the key through another
path is just that--- a waste of time.
There is pragmatism, and there is sheer idiocy. A lot of people are using
sheer idiocy (either to the extreme of justifying an unsecure login,
or to the extreme of attempting to justify only supremely secure
logins) to try to make their points in this forum. Well, I'm sorry...
I'm a pragmatist. If you don't like, you can stuff it.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010112202.e9BM2ns23441>