Date: Mon, 27 Nov 2000 09:56:55 -0500 From: Niels Provos <provos@citi.umich.edu> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: Kris Kennaway <kris@FreeBSD.ORG>, "Brian F. Feldman" <green@FreeBSD.ORG>, security@FreeBSD.ORG Subject: Re: OpenSSH 2.3.0 pre-upgrade Message-ID: <20001127145655.07C53207C1@citi.umich.edu> In-Reply-To: "Jeroen C. van Gelderen", Sun, 26 Nov 2000 18:57:16 -0400
next in thread | raw e-mail | index | archive | help
In message <3A21954C.F9E9D25F@vangelderen.org>, "Jeroen C. van Gelderen" writes : >Or at a more basic level: Are cooked primes a problem in >this setting?[1] If not, you want to mention this as a >non-issue in the "Security Considerations" section. If >cooked primes are indeed a problem the protocol needs to >be enhanced to counter them. Either way, the draft needs >a couple of extra words IMHO. That is not an issue. You need to trust the server anyway. If you have any helpful wording that could be added to the draft, I will be more than happy to include it. >Anyway, my assumption that dh-group-exchange is non-standard >still holds as far as I can see so I'd still recommend not >enabling this feature by default for now. There are a couple of implementations besides OpenSSH that support it. Of course, you could still disable it, but you should think about it carefully. >What steps have to taken to have this standardized? Is this >proposal being considered by the IETF secsh working group? We are working on it, it takes time though. Niels. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001127145655.07C53207C1>