Date:      Mon, 13 Sep 2021 00:10:33 +0200
From:      Dan Lukes <dan@obluda.cz>
To:        freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: Important note for future FreeBSD base system OpenSSH update
Message-ID:  <0c3a5f3c-fb07-fae3-22f3-28703c842deb@obluda.cz>
In-Reply-To: <A8BD4882-6DCD-4A5B-BFEF-139C778FE82C@tetlows.org>
References:  <CAPyFy2A390kS_C3g=Y9QhQcJ06z_FKUxXsNvi9g2CdWF24pukg@mail.gmail.com> <CAPyFy2B04b0GtWoHFQwxht5vK4_cnApPXpDLXU%2BRvcR=2L9YxA@mail.gmail.com> <CAPyFy2Aw8Z3ngiM8YHApjjPRLZVC5MCN8TRQkh6pj2fSeM1zqw@mail.gmail.com> <8169A4A8-B8D1-4265-87C8-74ED4D34FBC8@fasel.at> <2bb56783-2727-9bea-7810-58969d91c00f@denninger.net> <A8BD4882-6DCD-4A5B-BFEF-139C778FE82C@tetlows.org>


On 12.9.2021 23:27, Gordon Tetlow via freebsd-security wrote:
> Blaming the browser and other client providers (OpenSSH, etc) for a 
> problem that is 100% because the devices are now abandoned by the 
> manufacturer is the wrong place to focus your anger. We have an 
> enormous problem in the industry of crappy embedded devices (like the 
> OOB management plane) accruing technical security debt while the 
> manufacturers give "a middle finger back" as you say. The 
> supportability of the hardware needs to be baked into the purchasing 
> decision. Commitments from the manufacturers on supportability 
> timeframes are important to understand and budget into a hardware 
> refresh cycle.

"One size fits all" may be an acceptable approach for unskilled home users, 
but not for professional use. A security mechanism may be secure 
enough for a particular use even if there are known issues with the method 
in question.

There may be various reasons to abandon a particular method/algorithm, but 
don't claim it's for my security, because it's just not true. If a 
particular algorithm is not secure enough for me, I'm not using it 
even though it's supported. If an algorithm is the best for a particular case 
(that's why I'm using it), the removal will decrease the overall security of 
such a system. In no case will the security be increased.

We should avoid making decisions on behalf of a skilled security officer 
familiar with the particular use case.

Just my $0.02

Dan


Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0c3a5f3c-fb07-fae3-22f3-28703c842deb>