On Wed, Jun 18, 2008 at 05:47:45PM -0700, Kees Cook wrote: > On Wed, Jun 11, 2008 at 03:20:45PM -0700, Ivan Kohler wrote: > > As a "past standard" key size, I believe it should be treated (for > > blacklist purposes) as a standard key size, not as a non-standard key > > size, and thus included in -blacklist instead of -blacklist-extra. > > During the window when openssl was broken, openssh did not produce > RSA-1024 keys.
Yes, I understand that. > As a result, that blacklist is not being included in the > default package. However, it is available in openssl-blacklist-extra. I believe that to be a grave oversight and constitute a serious security issue that needs to be addressed. Use case/example: 1. Joe admin has been running Debian for years now, appreciating the ability to upgrade his systems without reinstalling. Joe has never used "non-standard key sizes", and indeed, while he knows the he should use SSH instead of telnet, he doesn't actually pay attention to the details or change the defaults. 2. Joe receives a security advisory or otherwise finds out about the OpenSSL vulnerability. Joe notes that the security advisory tells him to run "openssh-vulnkey" to scan his system for vulnerable keys. 3. Joe runs "openssh-vulnkey" on the systems he administers, and while it does point out some keys that are safe, and some that are compromised, he can't make heads or tails of this "Unknown (no blacklist information)" error. Isn't this tool supposed to provide assurance that his keys are safe? Joe doesn't understand why the tool he was told to run to verify his keys is giving him "Unknown" errors. 4. Joe admin gives up and switches to a distribution that actually cares about its users. The OpenSSL vulnerability is a serious problem for Debian. Distributing a tool that is *supposed* to scan for vulnerable keys and then making the output of that tool useless for anyone who has been running Debian for more than a year borders on absurd. -blacklist-extra is *NOT* available in etch, and is *NOT* installed by default like -blacklist. Telling admins to use backports.org if they've been running Debian for more than a release is *NOT* the kind of security support we should be providing to our users. What is the perceived disadvantage or problem with including the RSA-1024 blacklist in the standard, etch -blacklist package? 2 megs of disk space? Is there anything else? If saving 2 megs is the only reason not to include RSA-1024, it would seem we are doing a disservice to the vast majority of our users by leaving it out, for the sake of a very small number of users using embedded or obsolete hardware. Please, please, please seriously consider including RSA-1024 in openssh-blacklist and upload to etch ASAP as a security fix. -- Ivan Kohler ivan at debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
