From: Dag-Erling Smørgrav <des@des.no>
To: heasley
Cc: freebsd-security@freebsd.org
Subject: Re: fbsd11 & sshv1
Date: Wed, 01 Feb 2017 11:15:10 +0100
In-Reply-To: <20170131201722.GH11924@shrubbery.net> (heasley's message of "Tue, 31 Jan 2017 20:17:22 +0000")
Message-ID: <86y3xqdxox.fsf@desk.des.no>

heasley writes:
> Dag-Erling Smørgrav writes:
> > You know what would be even sadder? If the OpenSSH developers had
> > to continue to devote significant resources to maintaining a rat's
> > nest of legacy code [...]
> I was not suggesting that openssl maintain their apparently messy
> code; they're maintaining it already, for whatever the remaining
> period is.

The legacy code I'm referring to is code they inherited from Tatu Ylönen
and have worked diligently to improve over the last 15 years. But SSH1
is a shitty protocol and too different from SSH2 to be easily integrated
into a single framework. There really isn't much point in expending any
more effort on it.

> I'm suggesting a port with a v1 client; that is built with all the other
> binary ports for ABI changes and whatever else is reasonable. Yes, I
> can build my own, but I feel it should be a port.

You mean like net/tcpdump398, which was forked from net/tcpdump because
some people liked its output format better than that of tcpdump 4, and
then forgotten, and is known to have dozens of security vulnerabilities?

DES
-- 
Dag-Erling Smørgrav - des@des.no