Date: Tue, 23 Apr 2002 00:16:52 -0400
From: Anthony Schneider
To: "Greg 'groggy' Lehey"
Cc: Jordan Hubbard, Robert Watson, Oscar Bonilla, Mike Meyer, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <20020423001652.A15133@mail.slc.edu>
References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>
In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Tue, Apr 23, 2002 at 01:16:46PM +0930

> be able to use it too.  I'd suggest that we do the following:
>
> 1.  Give the user the choice of these additional features at
>     installation time.  Recommend the procedures, but explain that you
>     need to understand the differences.
>
> 2.  Document these things very well.  Both this ssh change and the X
>     without TCP change are confusing.  If three core team members were
>     surprised, it's going to surprise the end user a whole lot more.
>     We should at least have had a HEADS UP, and we probably need a
>     security policy document with the distributions.
>

I disagree somewhat with #1.  A "secure by default" policy is by far more
favorable than a "not so secure by default, but we'll try to let you know
how to make it more secure easily" policy.  Consider a move to make telnetd
commented out in inetd.conf a default.  Many newcomers will of course be
baffled, but it is in the long run a better policy, and people will get
used to it.

This example is somewhat of an *extremely* simplified analogy to adding
s/key authentication as a default before password authentication, but it
still holds in that a default installation had better be more secure than
not.  If FreeBSD were to have installation dialogues with the user
suggesting that the user install certain components for security purposes,
the user will likely opt for the default "button," which I assume in this
case would default to have the less secure, more conventional option.

I think that #2 alone is the way to go.  Make it "clear" (not that that
is necessarily an easy task) that the default install of a certain
software package no longer follows what has historically been the default,
or at least do so in the case where the software will become unusable to
the unknowing user.

Perhaps a "SEVERE DIFFERENCES" section of www.freebsd.org is in order? 8D

-Anthony.

> Greg
> --
> See complete headers for address and phone numbers

-----------------------------------------------
PGP key at:
    http://www.keyserver.net/
    http://www.anthonydotcom.com/gpgkey/key.txt
Home:
    http://www.anthonydotcom.com
-----------------------------------------------