Date: Wed, 27 Mar 2002 07:42:36 -0500
From: Michael Lucas
To: Dan Lowe
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-ID: <20020327074236.B86929@blackhelicopters.org>
In-Reply-To: <20020326181634.A919@lothlorien.tangledhelix.net>; from dan@tangledhelix.com on Tue, Mar 26, 2002 at 06:16:34PM -0500

On Tue, Mar 26, 2002 at 06:16:34PM -0500, Dan Lowe wrote:
> Previously, Mike Silbersack wrote:
> >
> > Yes, upgrading clients to v2 would be best. However, I don't think that
> > locking out v1 users would be the best way to achieve that. The most
> > likely result of doing so would be people falling back to telnet.
>
> On a system where security is of any concern whatsoever, why would telnet
> be available in the first place?

I just dealt with a group of "senior" admins here in Detroit who
weren't familiar with the problems of telneting to their Ciscos.
Ethereal was quite the shock to them. :-)

It's taken us years to basically scrub telnet off the map, and it's
still not gone.
SSHv1 is far better than telnet, and there are any number of v1
clients still out there. Please don't make it any harder than it
absolutely has to be.

Perhaps a comment in the file, "we recommend using v2 whenever
possible", so people stumble across it frequently even if they don't
bother reading the docs?

==ml

-- 
Michael Lucas		mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons

http://www.blackhelicopters.org/~mwlucas/