Reply-To: koobs@FreeBSD.org
Subject: Re: svn commit: r49211 - head/en_US.ISO8859-1/articles/committers-guide
To: Benedict Reuschling, doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
From: Kubilay Kocak
Date: Thu, 4 Aug 2016 17:11:11 +1000

On 4/08/2016 1:43 AM, Benedict Reuschling wrote:
> Author: bcr
> Date: Wed Aug 3 15:43:10 2016
> New Revision: 49211
> URL: https://svnweb.freebsd.org/changeset/doc/49211
>
> Log:
> Remove mention of specific key types to discourage the generation
> of old and potentially insecure keys.
>
> Discussed with: David Wolfskill
>
> Modified:
> head/en_US.ISO8859-1/articles/committers-guide/article.xml
>
> Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml
> ==============================================================================
> --- head/en_US.ISO8859-1/articles/committers-guide/article.xml Wed Aug 3 13:59:21 2016 (r49210)
> +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml Wed Aug 3 15:43:10 2016 (r49211)
> @@ -3105,7 +3105,7 @@ Relnotes: yes > > > If you do not wish to type your password in every time > - you use &man.ssh.1;, and you use RSA or DSA keys to > + you use &man.ssh.1;, and you use keys to > authenticate, &man.ssh-agent.1; is there for your > convenience. If you want to use &man.ssh-agent.1;, make > sure that you run it before running other applications. X

Without making a bikeshed out of it, could we provide some basic
recommendations here?

Examples (note: *just* examples)

rsa with new key format, preferred bits, explicit passphrase
-o -t rsa -b -N

ed25519 with new key format, explicit passphrase
-t ed25519 -o -N (new format)

These might help ensure people don't accidentally (or through lack of
knowledge) create keys without passphrases, and provide a bump up on the
(openssh) defaults.

I'd be happy to write something short and sweet up in the wiki for
review first if needed, as well as get input from secteam and other
people as well.
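Review bot: on the `+` line, "and you use keys to authenticate" is left vague once "RSA or DSA" is dropped; "and you use SSH keys to authenticate" would keep the sentence precise without naming a key type. The unchanged first context line also says "type your password in every time", but what &man.ssh-agent.1; saves retyping is the key's passphrase, so it is worth changing "password" to "passphrase" in the same commit.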