On Mon, Mar 9, 2009 at 3:36 PM, irix <i...@ukr.net> wrote:
> In www.openbsd.org wrote "Only two remote holes in the default
> install, in more than 10 years!", this not true. I using OpenBSD
> like customer, not like administrator.

So it wasn't default install anymore, was it?

> And my OpenBSD were attacked,
> by simple MiTM attack in arp protocol.

That's why OpenBSD comes with IPSec and OpenSSH by default: to let you create secure networks without having to install poorly-integrated 3rd party software.

> How then can we talk about the " security by default" ????

Simply because it wasn't default install anymore.

> For example, FreeBSD is decided very simply, with this patch http://freecap.ru/if_ether.c.patch
> When this is introduced in OpenBSD, so you can say with confidence
> that the system really "Secure by default" ?

My guess is this will never be in OpenBSD source tree. "Security is a process, not a product", and blindly adding code inside kernel to cover a marginal use case for which there is already a solution is not my idea of a good process, and I'm pretty sure this is not OpenBSD developers' either.

For authenticating remote hosts, have a look at ipsecctl, ssh and SSL.

Cheers,

--
Vincent Gross

"So, the essence of XML is this: the problem it solves is not hard, and it does not solve the problem well." -- Jerome Simeon & Phil Wadler