From owner-freebsd-security Sat Jul 6 4: 2:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6C44137B400
	for ; Sat, 6 Jul 2002 04:02:33 -0700 (PDT)
Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 028A343E31
	for ; Sat, 6 Jul 2002 04:02:33 -0700 (PDT)
	(envelope-from jason@shalott.net)
Received: (qmail 83702 invoked by uid 1000); 6 Jul 2002 11:02:27 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 6 Jul 2002 11:02:27 -0000
Date: Sat, 6 Jul 2002 04:02:27 -0700 (PDT)
From: Jason Stone
X-X-Sender:
To:
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
In-Reply-To:
Message-ID: <20020706035731.N2631-100000@walter>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good
> > time to make the 2,1 the default instead ?
>
> I'd like that. I think the only reason for the old default was not to
> surprise users who had the ssh1 RSA host key in their known_hosts but
> not the ssh2 DSA host key.
>
> What do people think about this? Keep 2,1 or revert to 1,2?

There is a whole lot of infrastructure surrounding ssh v1 keys out there,
and it will all break if you change the default to v2. With the
5.0-RELEASE on the not-too-distant horizon, I really think it best to not
change default behaviour within a major release.

Keep the default as it is - don't break people.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry
that 10 or 15 years from now, she will come to me and say "Daddy, where
were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE9Js5DswXMWWtptckRAu+0AJ98Q69nm9ks4eAFls+MV+YwmU8u/QCgxnsz
c4U9XMcfNuwCXvg2N9rd6fo=
=EICy
-----END PGP SIGNATURE-----
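
The known_hosts concern raised in the quoted text (an ssh1 RSA host key on file but no ssh2 key) can be measured per user before a protocol default is changed. The following Python is an added example, not part of the original message or of FreeBSD or OpenSSH; it assumes the classic known_hosts line layouts noted in its comments, and the function names and sample file are constructed for illustration.

```python
# Classify known_hosts entries by protocol version (added example).
# Assumed line layouts of the classic known_hosts file:
#   SSH1: hostnames bits exponent modulus [comment]
#   SSH2: hostnames keytype base64-key [comment]
# Only the "ssh-" key types of that period (ssh-rsa, ssh-dss) are recognised.

# Constructed sample; host names and key material are placeholders.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
alpha.example.org,192.0.2.10 1024 35 1409076329
beta.example.org 1024 37 1192837465
beta.example.org ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER
gamma.example.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAPLACEHOLDER

broken-line-without-key
"""

def classify(fields):
    """Return 'v1', 'v2' or None for the fields that follow the host list."""
    if len(fields) >= 3 and all(f.isdigit() for f in fields[:3]):
        return "v1"   # bits, exponent, modulus are all decimal integers
    if len(fields) >= 2 and fields[0].startswith("ssh-"):
        return "v2"   # key type followed by the base64 key
    return None

def hosts_by_protocol(text):
    """Map each host name to the set of protocol versions it has keys for."""
    seen = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        version = classify(parts[1:])
        if version is None:
            continue  # malformed or unknown entry: skip rather than guess
        for host in parts[0].split(","):
            seen.setdefault(host, set()).add(version)
    return seen

def v1_only_hosts(text):
    """Hosts with only an SSH1 key on file: no stored v2 key to compare against."""
    return sorted(h for h, v in hosts_by_protocol(text).items() if v == {"v1"})

if __name__ == "__main__":
    for host in v1_only_hosts(SAMPLE_KNOWN_HOSTS):
        print(host)
```

Hosts it lists have no stored protocol 2 key, so a client that tries protocol 2 first would be asked to accept an unverified host key for them.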