l4-hurd

Re: SSH revised


From: Bas Wijnen
Subject: Re: SSH revised
Date: Tue, 28 Mar 2006 12:54:28 +0200
User-agent: Mutt/1.5.11+cvs20060126

On Tue, Mar 28, 2006 at 11:18:25AM +0200, Christian Helmuth wrote:
> On Tue, Mar 28, 2006 at 10:34:54AM +0200, Marcus Brinkmann wrote:
> > > Is the bottom line of this a) you don't care about MAC or b) HURD does not
> > > care about MAC? IMO Mandatory Access Control is something somebody who
> > > operates a server really wants...
> > 
> > I care about user freedom.  My understanding of the term MAC does not
> > have anything to do with use of specific protocols to log on to the
> > machine remotely.  Maybe if you explain how you understand the term
> > MAC here, and why you think that the suggested mechanism violates it,
> > I can respond to that.
> 
> My use case was "limit SSH to protocol version 2, because I (the owner)
> consider it as safe enough for my system". An operating system for the
> future should provide me with powerful tools sufficient for my needs and
> no vague doubts should hinder this. Say: If it's crap I won't "buy" it.

It doesn't work.  If you don't trust your users to do the right thing, then
don't give them access to the network.  If they really want to use SSH1, they
can just run their own server on their own port.  Hell, they can even run a
telnet server if they feel like it.  The only thing you can do as an
administrator is set the default to allow ssh 2 only (for example by not
providing an ssh1 server at all), but there is no guarantee that people stick
to that default.  Adding such options to the configuration only gives
administrators a false sense of control, which is probably more dangerous than
a sense of no control.

> > And again:  That somebody wants something is not a sufficient reason
> > to do it (in fact, not even a necessary reason).

Marcus: Of course somebody must want it.  Otherwise nobody will want to
implement it. ;-)

> I understand this as: You don't care about anything somebody wants or
> doesn't want including "user freedom", correct?

I don't think this is what Marcus meant.  The point is that if I say "I want
to spy on my employees" (which I don't, just to be clear), then that isn't a
reason for the Hurd to support it.

The Hurd as we design it now is based on design goals.  If a feature fits in
with those goals (and it seems interesting enough to support), then we do it.
If it conflicts with those goals, we don't do it.  The fact that someone says
"But I really want that feature" is hardly relevant at all in the decision.

> Personally, I do not like the new course this discussion takes, because it
> becomes too political...

Design is choosing, and choosing is politics.  I'm sorry to tell you, but the
only way to avoid politics is to avoid all situations where a choice must be
made.  Perhaps the only way to do that is die, which I don't recommend. ;-)

What people call "politics" in software seems to me to really be "applying
ethics".  This is indeed what politics should be all about (although
unfortunately it usually isn't).  In my opinion ethics must play a role in any
choice that is made.  I can understand that from a computer science
perspective ethics don't usually play a large role.  But we're talking about
building a system which will be used by real people here, not just something
to be studied.  Ethics is therefore very relevant, and I think such
discussions very much belong on a list like this one (although I agree that
for example on the coyotos list, they would be off-topic).

You're not actually saying it, but your statement sounds like "That's
politics, therefore we should not discuss it".  I strongly disagree with that
way of treating ethics, because ethics is IMO the most important aspect of
life.  That doesn't mean we must continuously talk about it, but it does mean
that when it comes up, it's probably relevant and therefore worth discussing.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature

