Re: Bug#765512: general: distrust old crypto algos and protocols perdefault

[Russ Allbery <rra@debian.org>]

Joey Hess <joeyh@debian.org> writes:

> In general, I think that Debian needs to identify upstreams that are
> being proactive about dropping old crypto algos, and those that are not.
> Major browsers, openssh upstream, etc are going to be more on top of
> this than we are, and make better decisions. Web servers probably have
> user pressure to keep old crypto available, in order to support broken
> clients that some users care about, and Debian might be able to improve
> the defaults in such cases.

+1.  This exactly.

For another example, upstream for both Heimdal and MIT Kerberos know very
well what the situation is with the RC4 use in the Kerberos protocol and
are making well-informed decisions based on compatibility with existing
clients, just as they did with DES (which is now disabled by default in
both and likely to be removed entirely in the near future).  I don't think
we're likely to add a lot of value by trying to jump into that process.

Where Debian may be able to help more is with the long tail of software
that doesn't have as active or involved upstreams and may not be tracking
this issue as closely as we are.  And, of course, making sure that our
compilation and configuration defaults are as secure as possible.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>