Date:      Tue, 23 Apr 2002 00:16:52 -0400
From:      Anthony Schneider <aschneid@mail.slc.edu>
To:        "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>
Cc:        Jordan Hubbard <jkh@winston.freebsd.org>, Robert Watson <rwatson@FreeBSD.ORG>, Oscar Bonilla <obonilla@galileo.edu>, Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>, hackers@FreeBSD.ORG
Subject:   Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <20020423001652.A15133@mail.slc.edu>
In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Tue, Apr 23, 2002 at 01:16:46PM +0930
References:  <rwatson@FreeBSD.ORG> <Pine.NEB.3.96L.1020422223923.64976i-100000@fledge.watson.org> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>

> be able to use it too.  I'd suggest that we do the following:
>
> 1.  Give the user the choice of these additional features at
>     installation time.  Recommend the procedures, but explain that you
>     need to understand the differences.
>
> 2.  Document these things very well.  Both this ssh change and the X
>     without TCP change are confusing.  If three core team members were
>     surprised, it's going to surprise the end user a whole lot more.
>     We should at least have had a HEADS UP, and we probably need a
>     security policy document with the distributions.
>

I disagree somewhat with #1.  A "secure by default" policy is by far more
favorable than a "not so secure by default, but we'll try to let you know
how to make it more secure easily" policy.  Consider a move to make telnetd
commented out in inetd.conf a default.  Many newcomers will of course be
baffled, but it is in the long run a better policy, and people will get
used to it.

This example is somewhat of an *extremely* simplified analogy to adding
s/key authentication as a default before password authentication, but it
still holds in that a default installation had better be more secure than
not.  If FreeBSD were to have installation dialogues with the user
suggesting that the user install certain components for security purposes,
the user will likely opt for the default "button," which I assume in this
case would default to have the less secure, more conventional option.

I think that #2 alone is the way to go.  Make it "clear" (not that that
is necessarily an easy task) that the default install of a certain
software package no longer follows what has historically been the default,
or at least do so in the case where the software will become unusable to
the unknowing user.

Perhaps a "SEVERE DIFFERENCES" section of www.freebsd.org is in order? 8D

-Anthony.

> Greg
> --
> See complete headers for address and phone numbers
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
-----------------------------------------------
PGP key at:
    http://www.keyserver.net/
    http://www.anthonydotcom.com/gpgkey/key.txt
Home:
    http://www.anthonydotcom.com
-----------------------------------------------



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423001652.A15133>