[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"

Tue Jun 8 04:24:25 EST 2004

http://bugzilla.mindrot.org/show_bug.cgi?id=877

------- Additional Comments From mouring at eviladmin.org  2004-06-08 04:24 -------
> I cannot force your hand of course. But I again feel that these are policy 
> decisions that should be left to the user. If a user chooses Mac=none, he 
> obviously should be aware of the security risks.

Problem is most don't understand.  Just like most kids that find guns don't
always understand that pulling the trigger causes it to fire.  Why would we
want to endanger our users any more than we have to?  And like aways it is
"never the user's fault".. It has to be the software and programmer.  Even
if they are abusing the software in a way it was never designed to be used in.

<shrug> My view is if a company wants to hack mac=none, ciphers=none into their
SSH code.  That's fine. Not as if it is that hard or complex. However, if they 
are now taking that risk into their hands, and can't blame us for not thinking
through how they use the feature.

> If people are really opposed to providng cipher=none and mac=none options, 
> is it possible to provide an option to the "configure" command so that these
> options can be put in when the build is appropriately configured ? 

Which I strongly object to. Either code should be used or not be included. 
Having additional code paths that are not compiled by default only adds more
complexity to testing and platform verification.  Plus it litters the source
code with #ifdef/#endif garbage that makes it harder to read and understand.

It's bad enough we have to test compile for PAM, KRB, and other oddball 
platform security configurations that affect how the code acts and reacts to
configuration files and other user input.

> 10 Mbps networks hardly imposed any ovhd on the CPUs - my company is starting
> to use 1 Gbps networks - there the ovhd can be significant.

Sounds like you really want to invest in encryption hardware.  Sokeris group
sells a nice PCI/PCMCIA solution that runs under BSD/Linux for a very nice
price.  I've seen a few gigabit cards with encryption chips right on it.  Which
would be another good path to look at. That would make more pratical sense than 
gutting security from an application.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.