[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: disable HPN in sshd for the -10 branch?
On Mon, May 23, 2022 at 05:30:36PM -0700, John Nemeth wrote:
> } I would say that doesn't really fit with what we want either, certainly
> } without somebody really trying. It breaks the rule that using ssh can
> } count on confidentiality and integrity and makes systems with ssh as a
> } component harder to reason about.
> I would say it is something that should be available as an
> option (likely a command line option). ssh/scp has pretty much
> completely replaced rsh/rcp (other than for people that go out of
> their way to use those); however, there are many things that get
> copied around that are completely public where encrypting them for
> data transfer is useless overhead. That said you likely still want
> passwords encrypted and integrity checks.
(1) having an unencrypted option at all is one of the ways spooks like
to weaken cryptosystems; it creates ways to force/cause people to use
it when they didn't mean to.
(2) if you don't encrypt everything, you're telling anyone who's
listening which data's important.
IOW, I disagree entirely.
David A. Holland
Main Index |
Thread Index |