[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#765512: general: distrust old crypto algos and protocols perdefault

On Wed, Oct 15, 2014 at 01:58:34PM -0700, Russ Allbery wrote:
> It's unlikely that you're going to be able to make better cost/benefit
> decisions about these things than well-informed upstreams for general use
> cases.  Debian is targeted for general use cases.  If we were making a
> security-hardened distribution that chooses security over interoperability
> across the board, we may well want to make other decisions.

Unfortunately, not all upstreams make good decisions.  OpenSSL ships
with a set of default ciphers that is completely insecure.  There is no
reason that every application using OpenSSL directly or indirectly[0]
should have to disable exportable ciphers, especially since almost
nobody uses them (nor wants to).  HIGH:MEDIUM:!aNULL is a better

It's fine to defer to upstream where they have a history of good,
prudent decision making, but there are upstreams where that's clearly
not the case, and Debian should step in and ship software that doesn't
have security holes by default.

[0] Including virtually every Ruby script that uses HTTPS.
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: