From owner-freebsd-security Sat Jan 1 11:40:09 2000
Delivered-To: freebsd-security@freebsd.org
Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36]) by hub.freebsd.org (Postfix) with ESMTP id BA78C1507B; Sat, 1 Jan 2000 11:40:02 -0800 (PST) (envelope-from k.stevenson@louisville.edu)
Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114]) by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id CA3DC24D14; Sat, 1 Jan 2000 14:40:01 -0500 (EST)
Received: by osaka.louisville.edu (Postfix, from userid 15) id 8608718605; Sat, 1 Jan 2000 14:39:51 -0500 (EST)
Date: Sat, 1 Jan 2000 14:39:51 -0500
From: Keith Stevenson
To: Brian Fundakowski Feldman
Cc: security@FreeBSD.org
Subject: Re: OpenSSH protocol 1.6 proposal
Message-ID: <20000101143951.A4719@osaka.louisville.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Jan 01, 2000 at 01:49:22PM -0500, Brian Fundakowski Feldman wrote:
> Let me know what you all think! I still haven't quite decided, but I
> think packets which fail the SHA-1 test should be silently dropped, or
> have a counter of them, rather than dropping the connection. Currently,
> the connection is dropped and error messages displayed/transmitted. I
> welcome input on that and all parts of this proposal :)
>
> P.S.: I realize other people may have proposed something very similar.
> Indeed, markus's proposal may be something like this. However,
> since it's impossible to work with anyone who is Theo, or
> "under" Theo, it's unrealistic to work with that. Hence the
> reason we need to make a code fork of OpenSSH as soon as
> convenient.

First of all, allow me to thank you for all of the work you have done maintaining OpenSSH for FreeBSD. I am looking forward to its entry into the base tree. (I'm also planning to convert from SSH to OpenSSH on all my systems as soon as it is feasible.)

That said, the prospect of having a FreeBSD-specific branch of OpenSSH disturbs me. I manage an extremely heterogeneous Unix environment and eventually hope to have OpenSSH running on all of my systems. I am concerned that if OpenSSH branches, there will be interoperability problems at some point down the road. While I appreciate the work that you are doing to make OpenSSH more secure, and I understand the difficulties involved in working with the OpenBSD folks, I urge you to try to avoid a code fork if it is at all possible. I don't want to one day have to decide which OpenSSH to deploy on my systems.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0