https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #10 from Christoph Anton Mitterer <[email protected]> ---

Hey.

Let me try to catch up on this one as well :-)

(In reply to Darren Tucker from comment #3)
> Created attachment 2630 [details]
> Make the DH-GEX fallback group 4k bit.

I think that's a big step forward already. AFAIU, the old fallback group is then removed?

> This makes the fallback group a new 4kbit group as long as the
> client accepts groups at least that big (which is a SHOULD in
> RFC4419), otherwise it continues to use group14.

Hmm, that's not so good, OTOH. I mean it's nice from the backward-compatibility PoV, but not so great from the security PoV.

Even though an attacker cannot (AFAIU??) force a connection to downgrade to the weaker groups, it still doesn't give the server admin a good way to "block out" weak clients.

Sure, the client can always do what he likes (could be secure and still publish everything on pastebin.com), but I think we should rather strive to harden all possible places than focus on users who don't do their homework and stick with years-old clients. It's basically the same reason why it's good and necessary that you guys remove sshv1.

So even if this is much better now with the 4Ki group, I point to my arguments in comment #2, especially as even the 4Ki group just shifts the problem "a bit" into the future.

Last but not least, could we have:
>- It makes it at least ambiguous in how things work since this
> behaviour is not documented (i.e. people may think empty moduli file
> means no group can be found/used for DH_GEX and therefore disables
> it.
> => so could this information be added to moduli(5) manpage?
?
