From owner-freebsd-security  Fri Jul  5  5: 6:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7804437B401; Fri,  5 Jul 2002 05:06:15 -0700 (PDT)
Received: from lerlaptop.lerctr.org (lerlaptop.lerctr.org [207.158.72.14])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id CDAC143E77; Fri,  5 Jul 2002 05:03:34 -0700 (PDT)
	(envelope-from ler@lerctr.org)
Received: from localhost (localhost [127.0.0.1])
	by lerlaptop.lerctr.org (8.12.5/8.12.5) with ESMTP id g65C2rFX000783;
	Fri, 5 Jul 2002 07:02:53 -0500 (CDT)
	(envelope-from ler@lerctr.org)
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE
	now has OpenSSH 3.4p1]
From: Larry Rosenman <ler@lerctr.org>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Mike Tancsa <mike@sentex.net>, Ruslan Ermilov <ru@FreeBSD.ORG>,
	security@FreeBSD.ORG
In-Reply-To: <xzphejepfd7.fsf_-_@flood.ping.uio.no>
References: <20020705073634.GA64656@sunbay.com>
	<20020705073634.GA64656@sunbay.com>
	<5.1.0.14.0.20020705073043.01c52198@192.168.0.12> 
	<xzphejepfd7.fsf_-_@flood.ping.uio.no>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.7 
Date: 05 Jul 2002 07:02:53 -0500
Message-Id: <1025870573.401.1.camel@lerlaptop.lerctr.org>
Mime-Version: 1.0
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 2002-07-05 at 06:45, Dag-Erling Smorgrav wrote:
> [moving from -stable to -security, bcc: to -stable and security-team]
> 
> Mike Tancsa <mike@sentex.net> writes:
> > As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good
> > time to make the 2,1 the default instead ?
> 
> I'd like that.  I think the only reason for the old default was not to
> surprise users who had the ssh1 RSA host key in their known_hosts but
> not the ssh2 DSA host key.
> 
> What do people think about this?  Keep 2,1 or revert to 1,2?
It would seem that this is an appropriate time.  SSH1 is old, and SSH2
is mature enough.  With all the other changes, this wouldn't be a big
POLA violation. 


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message