Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Oct 2000 15:02:49 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Marius Bendiksen <mbendiks@eunet.no>, arch@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc inetd.conf 
Message-ID:  <200010112202.e9BM2ns23441@earth.backplane.com>
References:   <88823.971294422@critter>

next in thread | previous in thread | raw e-mail | index | archive | help
:In message <200010111905.e9BJ59X21786@earth.backplane.com>, Matt Dillon writes:
:
:>    There's being 'reasonable' and there's being 'unreasonable'.  This 
:>    type of argument doesn't wash when the reasonable thing to do, with
:>    the availability of ssh, is to make things 'reasonably secure' by
:>    default.  You can't ask for more, but neither should you require
:>    less.  The lowest common denominator is not telnet or ftp any more.
:
:Matt, we can make things very secure by default by not starting any
:network processes and no gettys.  That way people are forced to boot
:single user first time and configure their system.
:
:While people like you seem to prefer such "perfect" solutions, others
:recognize that they just *might* harm our market acceptance.
:
:Suggest you switch to OpenBSD, I think they would be more supportive
:of your approach.
:
:--
:Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
:phk@FreeBSD.ORG         | TCP/IP since RFC 956

    I really have to take exception to such an idiotic posting by Poul,
    whos seems to be trying to puts words in my mouth that I have not
    said... in fact, Poul knows very well that I am not advocating an
    OpenBSD-style position.  He also knows very well that I am not the
    type of person to take such remarks sitting down.

    I never once said or intimated that we should force people to boot
    single user first time and configure their systems.  I never once said
    or intimated that we should go to the extremes OpenBSD goes to.

    I've said one thing and one thing only:  That SSH is now enough of a 
    defacto standard that it obsoletes rlogind and telnetd.  I will also add
    that today's network environment is a hell of a lot more hostile then
    the networking environment as of the time rlogind and telnetd were
    written.  I believe, strongly, that ignoring the hostility of the network
    environment (whether you are installing rack mount boxes on a switched
    LAN or otherwise) and continuing to embrace, as a default means to
    configure a remote box, protocols that are not secure, is just plain 
    stupid.

    I hold this position, but the position itself does NOT imply that I hold
    to always having to take the most extreme measures.  Hence my comment
    in regards to ssh learning new host keys (and people saying 'yes' when
    ssh asks).  I do not know a single person who pre-sets his known_hosts
    file by obtaining a host key through an alternative path.  Not one.
    Why?  Because while man-in-the-middle attacks are possible, the possibility
    of them happening for the very first connection made to some host is
    so remote that spending the extra time to get the key through another
    path is just that--- a waste of time.

    There is pragmatism, and there is sheer idiocy.  A lot of people are using
    sheer idiocy (either to the extreme of justifying an unsecure login,
    or to the extreme of attempting to justify only supremely secure
    logins) to try to make their points in this forum.  Well, I'm sorry...
    I'm a pragmatist.  If you don't like, you can stuff it.

						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010112202.e9BM2ns23441>