Date: Thu, 4 Aug 2016 09:07:17 -0600 (MDT)
From: Warren Block
To: Kubilay Kocak
cc: Benedict Reuschling, doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: Re: svn commit: r49211 - head/en_US.ISO8859-1/articles/committers-guide

On Thu, 4 Aug 2016, Kubilay Kocak wrote:

> On 4/08/2016 1:43 AM, Benedict Reuschling wrote:
>> Author: bcr
>> Date: Wed Aug 3 15:43:10 2016
>> New Revision: 49211
>> URL: https://svnweb.freebsd.org/changeset/doc/49211
>>
>> Log:
>> Remove mention of specific key types to discourage the generation
>> of old and potentially insecure keys.
>>
>> Discussed with: David Wolfskill
>>
>> Modified:
>> head/en_US.ISO8859-1/articles/committers-guide/article.xml
>>
>> Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml >> ============================================================================== >> --- head/en_US.ISO8859-1/articles/committers-guide/article.xml Wed Aug 3 13:59:21 2016 (r49210) >> +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml Wed Aug 3 15:43:10 2016 (r49211)
>> @@ -3105,7 +3105,7 @@ Relnotes: yes >> >> >> If you do not wish to type your password in every time >> - you use &man.ssh.1;, and you use RSA or DSA keys to >> + you use &man.ssh.1;, and you use keys to >> authenticate, &man.ssh-agent.1; is there for your >> convenience. If you want to use &man.ssh-agent.1;, make >> sure that you run it before running other applications. X
>
> Without making a bikeshed out of it, could we provide some basic
> recommendations here? Examples (note: *just* examples)
>
> rsa with new key format, preferred bits, explicit passphrase
>
> -o -t rsa -b -N
>
> ed25519 with new key format, explicit passphrase
>
> -t ed25519 -o -N (new format)
>
> These might help ensure people don't accidentally (or through lack of
> knowledge) create keys without passphrases, and provide a bump up on the
> (openssh) defaults.
>
> I'd be happy to write something short and sweet up in the wiki for
> review first if needed, as well as get input from secteam and other
> people as well.

Agreed. Without recommendations, inexperienced users are just going to
accept the defaults. Which is fine, if the defaults are good.
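Review bot: the added line "you use &man.ssh.1;, and you use keys to" reads as incomplete once "RSA or DSA" is gone, because "keys" alone no longer says what kind of authentication is meant. Suggest wording such as "and you use public keys to authenticate" or "and you use key-based authentication". The unchanged context line still says "type your password in", while the sentence is about key authentication and &man.ssh-agent.1;, so "passphrase" would be the more accurate word there. Since the log message gives discouraging old key types as the goal, naming no type at all leaves the reader without guidance; a short pointer to a recommended way of generating keys would serve that goal better than silence.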
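The two properties raised in the quoted reply (new key format, and a passphrase actually being set) can be checked on an existing private key file without loading the key. The following is an added example, not part of the thread or of the FreeBSD documentation; the function names are hypothetical, and the sample containers are constructed with zeroed fields and contain no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
NEW_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"

def _read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Return (container, key_type, has_passphrase) for private key file text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].endswith("PRIVATE KEY-----"):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] != NEW_HEADER:
        # Legacy PEM: type is in the label, encryption in Proc-Type or the PKCS#8 label.
        label = lines[0].strip("-")[len("BEGIN "):-len("PRIVATE KEY")].strip()
        enc = label == "ENCRYPTED" or "Proc-Type: 4,ENCRYPTED" in lines
        return "legacy-pem", (label if label not in ("", "ENCRYPTED") else "unknown"), enc
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))  # "none" means no passphrase
    _kdfname, off = _read_string(blob, off)
    _kdfopts, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)          # skip the uint32 key count
    key_type, _ = _read_string(pub, 0)            # public blob starts with its type
    return "openssh-v1", key_type.decode(), cipher != b"none"

def audit(text):
    """Report the two problems the thread raises: old format, no passphrase."""
    container, key_type, has_pw = inspect_private_key(text)
    checks = [(container != "openssh-v1", "legacy PEM container"),
              (not has_pw, "no passphrase")]
    return key_type, [msg for bad, msg in checks if bad]

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(key_type, cipher):
    """Constructed container with zeroed fields; holds no real key material."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(b"") + struct.pack(">I", 1)
            + _s(_s(key_type) + _s(bytes(32))) + _s(bytes(64)))
    body = base64.b64encode(blob).decode()
    return NEW_HEADER + "\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"
```

The check reads only the unencrypted header fields of the file, so it never needs the passphrase and can be run over a directory of keys.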