If I understand correctly, the next opportunity after 5.0R to make a change of such significance is FreeBSD 6.0. Since I suspect that few folks will want to have ssh1 enabled by the time 6.0 is released, I would like to request for the team to please consider disabling ssh1 fallback prior to 5.0R.
Ssh1 is fundamentally broken. It uses a CRC where a MAC is required. While the attack detection logic in the code looks good, I don't know of many cryptographers that would be willing to bet that no further attacks exploiting ssh1's design flaws will be found. Ssh1 is a potential security hole with very little utility remaining given that ssh2-capable versions of ssh are readily available for a host of platforms and in fact have been so for some time. I therefore believe that the 5.0 release represents a perfect opportunity to remove ssh1 fallback from the default distribution of FreeBSD and hope the FreeBSD team will consider this change. Thanks, --Lucky Green To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
