Call for testing: OpenSSH-6.5

Gerald Turner gturner at unzane.com
Thu Jan 23 08:54:28 EST 2014


Damien Miller <djm at mindrot.org> writes:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests

Tested openssh-SNAP-20140123 on Debian jessie/testing amd64 with OpenSSL
1.0.1f on two machines (one with AES-NI instructions), all tests passed
and no warnings.

>  * ssh(1), sshd(8): Add support for Ed25519 as a public key type.
>    Ed25519 is an elliptic curve signature scheme that offers
>    better security than ECDSA and DSA and good performance. It may be
>    used for both user and host keys.

Is there SSHFP support for Ed25519?  I suppose not - looks like it would
need Internet Drafts equivalent to RFC6090 (ECDSA) and RFC6594 (SSHFP).
Currently Curve25519 has an I-D but not for Ed25519:

http://datatracker.ietf.org/doc/draft-josefsson-tls-curve25519/

  “This document only describes usage of additional curves for ephemeral
   key exchange (ECDHE), not for use with long-term keys embedded in
   PKIX certificates (ECDH_RSA and ECDH_ECDSA).  This is because
   Curve25519 is not directly suitable for authentication with ECDSA,
   and thus not applicable for signing of e.g.  PKIX certificates.”

-- 
Gerald Turner   Email: gturner at unzane.com   JID: gturner at unzane.com
GPG: 0xFA8CD6D5  21D9 B2E8 7FE7 F19E 5F7D  4D0C 3FA0 810F FA8C D6D5