Settable minimum RSA key sizes on the client end for legacy devices.
Philipp Marek
philipp at marek.priv.at
Fri Dec 27 18:46:57 AEDT 2019
> I fully agree with Steve here, and dislike developers' attitude of "We
> know what's good for you, and since you don't/can't have a clue - we
> won't trust you with decisions".
Well, I'm on the developers' side.
They need to produce a product that _now_ gets installed in some
embedded device and is expected to be still secure in 15 years and
longer - as this thread proves.
So the emphasis _must_ be on conservative defaults.
But I've been on the other side as well 20 years ago, trying to run SSH
on a 200MHz RISC machine... Engineering sometimes needs trade-offs,
yeah.
> Minimal key size should have a "reasonable" default, and an explicit
> config parameter to override it and set to whatever value that
> *specific* installation needs.
No, that's too easy.
I've seen too many decisions made on such a basis - "just configure
security down until it works" - but these invariably lead to disaster.
Still, recompilation has a too variable cost (in the dependencies) -
it's hard to be sure that you _only_ changed that one constant and
didn't forget something that ./configure would have found etc.
> There's no way the developers can know
> or evaluate every possible use case or related threat model -
No, they don't.
They only know the most common 90%, of which eg. _I_ probably
only know 20%.
> so they
> shouldn't behave as if they do...
Well, like a parent they try to save you from bad decisions.
More information about the openssh-unix-dev
mailing list