Re: Bug#765512: general: distrust old crypto algos and protocols perdefault
Joey Hess <firstname.lastname@example.org> writes:
> In general, I think that Debian needs to identify upstreams that are
> being proactive about dropping old crypto algos, and those that are not.
> Major browsers, openssh upstream, etc are going to be more on top of
> this than we are, and make better decisions. Web servers probably have
> user pressure to keep old crypto available, in order to support broken
> clients that some users care about, and Debian might be able to improve
> the defaults in such cases.
I can't agree here about major browser vendors being an example of
proactively dropping old crypto algos. Browser vendors have strong
incentives to prioritise compatibility above everything else (if a user
can't access a website with your browser but can with a competitor's,
you've just lost a user). For security, the same incentive doesn't really
exist, as when the vendors get caught with their pants down (as happened
here with the POODLE attack) all they need to say is "Well we didn't
know it was actually broken, and besides all the other browsers had it

As Russ said earlier in the thread, security is always a compromise with
compatibility, but IMO the browser vendors end up making different
choices than we should. For example, I have been running my browser for
over a year with SSLv3 disabled, and have only found one website that
doesn't work. There is no reason this couldn't have been disabled before
it was compromised. The same situation seems to be happening with RC4:
a practical attack needs to appear before it gets dropped.
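As an added illustration, not part of the thread or of any Debian package: a Python client TLS configuration that applies the defaults argued for above (SSLv3 off, RC4 and other legacy suites excluded), with an audit function that reports what such a context would still negotiate. The cipher-name patterns and the helper names are my own choices; it needs Python 3.7+ with an OpenSSL 1.1+ build.

```python
import re
import ssl

# OpenSSL cipher-name fragments that mark legacy suites a client default
# should no longer offer: RC4 (the thread's example), single/triple DES,
# MD5 MACs, export-grade, NULL encryption and anonymous key exchange.
WEAK_PATTERNS = re.compile(r"(RC4|DES|MD5|EXP|NULL|ADH|AECDH)", re.IGNORECASE)


def weak_ciphers(names):
    """Return the subset of OpenSSL cipher names that use legacy algorithms."""
    return [n for n in names if WEAK_PATTERNS.search(n)]


def hardened_context():
    """Client context with the defaults proposed above: no SSLv3, no RC4."""
    ctx = ssl.create_default_context()
    # Raising the floor to TLS 1.2 drops SSLv3 as well as TLS 1.0 and 1.1;
    # POODLE needs SSLv3 to be negotiable (or a downgrade to it) at all.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Explicitly exclude the legacy suites rather than trusting the
    # library default, so the policy is visible in the configuration.
    ctx.set_ciphers("HIGH:!aNULL:!RC4:!3DES:!MD5")
    return ctx


def audit_context(ctx):
    """Summarise what a client context would still be willing to negotiate."""
    enabled = [c["name"] for c in ctx.get_ciphers()]
    return {
        # MINIMUM_SUPPORTED (-2) means "whatever the library allows", so it
        # is treated as permitting SSLv3 too.
        "sslv3_allowed": ctx.minimum_version <= ssl.TLSVersion.SSLv3,
        "enabled": enabled,
        "weak": weak_ciphers(enabled),
    }


if __name__ == "__main__":
    report = audit_context(hardened_context())
    print("SSLv3 allowed:", report["sslv3_allowed"])
    print("legacy suites still enabled:", report["weak"] or "none")
```

Running the audit against the default context of an older Python or OpenSSL build shows how much a distribution-level floor would change.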