Date: Sat, 6 Jul 2002 04:02:27 -0700 (PDT)
From: Jason Stone <jason-fbsd-security@shalott.net>
To: <security@freebsd.org>
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
Message-ID: <20020706035731.N2631-100000@walter>
In-Reply-To: <xzphejepfd7.fsf_-_@flood.ping.uio.no>

> > As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good
> > time to make the 2,1 the default instead?
>
> I'd like that. I think the only reason for the old default was not to
> surprise users who had the ssh1 RSA host key in their known_hosts but
> not the ssh2 DSA host key.
>
> What do people think about this? Keep 2,1 or revert to 1,2?

There is a whole lot of infrastructure surrounding ssh v1 keys out there,
and it will all break if you change the default to v2. With the
5.0-RELEASE on the not-too-distant horizon, I really think it best to not
change default behaviour within a major release.

Keep the default as it is - don't break people.

 -Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that
10 or 15 years from now, she will come to me and say "Daddy, where were
you when they took freedom of the press away from the Internet?"
 -- Mike Godwin