From: Benjamin Kaduk
To: Daniel Kalchev
Cc: freebsd-current@freebsd.org, freebsd-security@freebsd.org
Date: Wed, 11 Nov 2015 18:28:10 -0500 (EST)
Subject: kerberos telnet/rlogin/etc. (was Re: OpenSSH HPN)

On Wed, 11 Nov 2015, Daniel Kalchev wrote:

> Perhaps a similar level of security could be achieved by “the old tools”
> if they were by default compiled with Kerberos. Although, this still
> requires building additional infrastructure.

The kerberized versions of the old tools are basically unsupported upstream at this point. Telnet is actively insecure, being limited to single-DES; rlogin may be somewhat better, but it's still not looking very good. ssh is better because it speaks GSS-API instead of raw Kerberos, and can thus keep up with newer crypto automatically.

When I was working at MIT, I considered making a final release of the krb5-appl distribution, so as to include in the release announcement that they were not going to be supported further, but could not even bring myself to do that. They are not in Debian anymore, and I expect them to dwindle from other distributions, too.

Let the "old tools" grow old and retire.

-Ben


From: Leif Pedersen
To: Robert Simmons
Cc: freebsd-security@freebsd.org
Date: Wed, 11 Nov 2015 17:47:54 -0600
Subject: Re: OpenSSH HPN

On Wed, Nov 11, 2015 at 4:29 PM, Robert Simmons wrote:

> I don't think there is such a thing as a trusted network. That is a unicorn
> these days.
>
> No networks should be considered trusted.

Oh, baloney.

That's just a clever way to say you want to stop thinking about trust. If I've connected two machines directly, that network is more trustworthy than any encryption. This is not rare, but typical for system recovery, which is where nc and ssh with the none cipher are highly useful.

It's also not a bridge too far to claim a network is trusted when it has 1000 computers on a special-purpose processing network with access only allowed by the admins that built it, and perhaps an API. In those networks, the nodes work together like storage and CPUs work together in a single computer. The only difference is that SATA disks and x86 CPUs are replaced by general-purpose computers running Cassandra and Nginx, connected by ethernet, so that you can connect thousands together instead of dozens. Do you always insist on encryption on your SATA cables and memory buses? That sort of special-purpose network is not rare either; rather, it's typical for internet services where the load is beyond what a single machine can handle, or clusters that run models that are too large for a single machine.

Trustworthy networks do exist. They just aren't the same networks as 20 years ago.

-- 
As implied by email protocols, the information in this message is not confidential. Any middle-man or recipient may inspect, modify, copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. As the sender, I acknowledge that I have a lower expectation of the control and privacy of this message than I would a post-card. Further, nothing in this message is legally binding without cryptographic evidence of its integrity. http://bilbo.hobbiton.org/wiki/Eat_My_Sig