We went from “the fundamentals have changed” to “the 90s were a long time ago” real fast. Regardless of who made the point initially you are arguing it. Full redesigns are expensive, inefficient, and likely to introduce new vulnerabilities. The existing implementation is refined by decades of real world use. We can incorporate new lessons without a full redesign - if we can’t then we should stop being software engineers.
A full redesign is usually the type of project a CTO I worked for pejoratively called “computer science projects.”
SSH carries design choices from the 90s that might not apply today.
But it’s the paper authors themselves who are talking about a redesign, not a random Lemmy user, so idk.
Point is - a system redesign is very much something worth looking into if improving the existing system will be too disruptive.
We went from “the fundamentals have changed” to “the 90s were a long time ago” real fast. Regardless of who made the point initially you are arguing it. Full redesigns are expensive, inefficient, and likely to introduce new vulnerabilities. The existing implementation is refined by decades of real world use. We can incorporate new lessons without a full redesign - if we can’t then we should stop being software engineers.
A full redesign is usually the type of project a CTO I worked for pejoratively called “computer science projects.”
If you read the other article linked, there are literally already fixes available for many ssh implementations. Doesn’t seem that disruptive to me…