[Ach] openssh recommendataions: overview of algorithms in different versions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 12 12:26:31 CET 2018

On Sun 2018-11-11 20:35:42 +0100, Martin Steigerwald wrote:
> I do not think Debian OpenSSH maintainers would introduce a behavioral 
> change like this during a stable cycle. Well they could warn about this 
> and recommend to secure the settings, but just updating? Not without a 
> warning at least.

I can't speak for the debian OpenSSH maintainers specifically, but as a
debian GnuPG maintainer, i do actively consider reasonable
recommendations to improve the default cryptographic choices, even in a
stable point release.

The most recent point release for debian stable came out last week, and
in it, there was a GnuPG refresh of the preferred cryptographic

OpenSSH is not GnuPG (key lifetimes and verification policies differ,
SSH has live connections vs. OpenPGP's store-and-forward data, etc), but
i would be surprised if the OpenSSH maintainers had a hard and fast rule
against adopting sensible, easily reviewable cryptographic configuration

Consider that Debian stable already updates packages that have to do
with changes to the network environment -- tzdata, publicsuffix,
dns-root-data, etc.  A well-reasoned bug report to debian stable that
includes specific improvements when interacting on the network with
other ssh implementations ought to at least provoke thoughtful
discussion, if it's made on the right forum.  The debian BTS is probably
the right forum for that.  If you do open such a bug report, please
follow up on this thread with a pointer to it!

Hanno's general advice is really our best hope in the long term -- get
these changes made as close to upstream as possible for deployment, so
that the only advice for users is "run a maintained operating system,
and keep it up-to-date" (which is advice that users ought to be
following anyway!)

That said, documenting the specific recommendations clearly in a project
like ACH can also help to demonstrate a desire for adoption and a point
of reference for this kind of bug report.  If the ACH section for a
given OS/distro/version just says "use the defaults" then we know we've
done our job well :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20181112/c0aaf4ab/attachment.sig>

More information about the Ach mailing list