tech-userlevel archive
Re: disable HPN in sshd for the -10 branch?
On Mon, May 23, 2022 at 05:30:36PM -0700, John Nemeth wrote:
> } I would say that doesn't really fit with what we want either, certainly
> } without somebody really trying. It breaks the rule that using ssh can
> } count on confidentiality and integrity and makes systems with ssh as a
> } component harder to reason about.
>
> I would say it is something that should be available as an
> option (likely a command line option). ssh/scp has pretty much
> completely replaced rsh/rcp (other than for people that go out of
> their way to use those); however, there are many things that get
> copied around that are completely public where encrypting them for
> data transfer is useless overhead. That said you likely still want
> passwords encrypted and integrity checks.

(1) having an unencrypted option at all is one of the ways spooks like
to weaken cryptosystems; it creates ways to force/cause people to use
it when they didn't mean to.

(2) if you don't encrypt everything, you're telling anyone who's
listening which data's important.

IOW, I disagree entirely.

--
David A. Holland
dholland%netbsd.org@localhost