Re: disable HPN in sshd for the -10 branch?
On Mon, May 23, 2022 at 05:30:36PM -0700, John Nemeth wrote:
> } I would say that doesn't really fit with what we want either, certainly
> } without somebody really trying. It breaks the rule that using ssh can
> } count on confidentiality and integrity and makes systems with ssh as a
> } component harder to reason about.
>
> I would say it is something that should be available as an
> option (likely a command line option). ssh/scp has pretty much
> completely replaced rsh/rcp (other than for people that go out of
> their way to use those); however, there are many things that get
> copied around that are completely public where encrypting them for
> data transfer is useless overhead. That said you likely still want
> passwords encrypted and integrity checks.

(1) having an unencrypted option at all is one of the ways spooks like
to weaken cryptosystems; it creates ways to force/cause people to use
it when they didn't mean to.

(2) if you don't encrypt everything, you're telling anyone who's
listening which data's important.

IOW, I disagree entirely.

--
David A. Holland
dholl...@netbsd.org

Re: disable HPN in sshd for the -10 branch?
On May 3, 13:00, Greg Troxel wrote:
} mlel...@serpens.de (Michael van Elst) writes:
}
} > Part of the HPN patches is to optionally strip encryption (and now even
} > integrity checks) for the data transfer. Doesn't fit into what
} > the OpenSSH people want, not even as an option.
}
} I would say that doesn't really fit with what we want either, certainly
} without somebody really trying. It breaks the rule that using ssh can
} count on confidentiality and integrity and makes systems with ssh as a
} component harder to reason about.

I would say it is something that should be available as an
option (likely a command line option). ssh/scp has pretty much
completely replaced rsh/rcp (other than for people that go out of
their way to use those); however, there are many things that get
copied around that are completely public where encrypting them for
data transfer is useless overhead. That said you likely still want
passwords encrypted and integrity checks.

}-- End of excerpt from Greg Troxel

Interested in working on NetBSD project
Dear Christos,

I am Gagan Aryan, a senior year computer science undergraduate at IIT Kanpur, India. I came across this project - Research and integrate the static code analysers with the NetBSD codebase on the NetBSD site. I am interested in working on the same. I realise that this was a GSoC project and the deadline is over. But, I would like to work on it nonetheless and would be elated if you could mentor me.

I was a GSoC student in the previous year batch with the organisation OpenAstronomy and am a mentor in this year of the program with the same organisation. I take immense interest in systems and theoretical computer science and am interested in pursuing doctoral studies in the same. I have done a few systems courses that I feel can come in handy in this project, some of which are - Compiler Design, Operating Systems and Software Development and Operations. I had also taken up a research project in the past that aimed to come up with a way to estimate the time complexity of the programs from execution traces. I have interned at Y-Combinator-backed startups as well. A subset of the things I have worked on are available in this one page resume - https://drive.google.com/file/d/1ev7VMBPlRz1voMmEST0GWQ2vX5sEOH4I/view?usp=sharing.

Could you please give me a bit more context regarding the project and possibly a few links or documents that I can get started with? I look forward to hearing from you and working for NetBSD.

Best,
Gagan Aryan,
B.Tech CSE, IIT Kanpur