Date: Wed, 27 Mar 2002 07:42:36 -0500 From: Michael Lucas <mwlucas@blackhelicopters.org> To: Dan Lowe <dan@tangledhelix.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys? Message-ID: <20020327074236.B86929@blackhelicopters.org> In-Reply-To: <20020326181634.A919@lothlorien.tangledhelix.net>; from dan@tangledhelix.com on Tue, Mar 26, 2002 at 06:16:34PM -0500 References: <20020326185714.F22539@mail.webmonster.de> <20020326182003.F15545-100000@patrocles.silby.com> <20020326181634.A919@lothlorien.tangledhelix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 26, 2002 at 06:16:34PM -0500, Dan Lowe wrote: > Previously, Mike Silbersack wrote: > > > > Yes, upgrading clients to v2 would be best. However, I don't think that > > locking out v1 users would be the best way to achieve that. The most > > likely result of doing so would be people falling back to telnet. > > On a system where security is of any concern whatsoever, why would telnet > be available in the first place? I just dealt with a group of "senior" admins here in Detroit who weren't familiar with the problems of telneting to their Ciscos. Ethereal was quite the shock to them. :-) It's taken us years to basically scrub telnet off the map, and it's still not gone. SSHv1 is far better than telnet, and there are any number of v1 clients still out there. Please don't make it any harder than it absolutely has to be. Perhaps a comment in the file, "we recommend using v2 whenever possible", so people stumble across it frequently even if they don't bother reading the docs? ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons http://www.blackhelicopters.org/~mwlucas/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020327074236.B86929>