tech-userlevel archive


Re: disable HPN in sshd for the -10 branch?



On Tue, May 24, 2022 at 06:57:23AM -0000, Michael van Elst wrote:
 > >(1) having an unencrypted option at all is one of the ways spooks like
 > >to weaken cryptosystems; it creates ways to force/cause people to use
 > >it when they didn't mean to.
 > 
 > People have to be very clear in making that choice and they actually
 > use it for a reason.
 > 
 > Consider the alternatives that are much weaker and don't protect
 > anything at all.
 > 
 > Or consider the alternative to create separate tools that satisfy
 > the requirements that the HPN patch was created for. Will that be
 > better?

It is better, yes, because it's much harder to engage an entirely
different tool by trickery.

 > Also consider that people believe their data is safe in the current
 > virtualized world, just because someone calls "encryption".

True, but that's not a reason to make the situation worse.

 > >(2) if you don't encrypt everything, you're telling anyone who's
 > >listening which data's important.
 > 
 > Gung znxrf lbhe choyvpnyyl fgngrq bcvavba abg vzcbegnag?

V qba'g xabj nobhg lbh, ohg V cbfgrq vg bire na rapelcgrq frffvba, naq
gurfr qnlf n ybg bs gur genafcbeg vf rapelcgrq gbb.

-- 
David A. Holland
dholland%netbsd.org@localhost

