Call for testing: OpenSSH-6.5
Gerald Turner
gturner at unzane.com
Thu Jan 23 08:54:28 EST 2014
Damien Miller <djm at mindrot.org> writes:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
Tested openssh-SNAP-20140123 on Debian jessie/testing amd64 with OpenSSL
1.0.1f on two machines (one with AES-NI instructions), all tests passed
and no warnings.
> * ssh(1), sshd(8): Add support for Ed25519 as a public key type.
> Ed25519 is a elliptic curve signature scheme that offers
> better security than ECDSA and DSA and good performance. It may be
> used for both user and host keys.
Is there SSHFP support for Ed25519? I suppose not - looks like it would
need Internet Drafts equivalent to RFC6090 (ECDSA) and RFC6594 (SSHFP).
Currently Curve25519 has an I-D but not for Ed25519:
http://datatracker.ietf.org/doc/draft-josefsson-tls-curve25519/
“This document only describes usage of additional curves for ephemeral
key exchange (ECDHE), not for use with long-term keys embedded in
PKIX certificates (ECDH_RSA and ECDH_ECDSA). This is because
Curve25519 is not directly suitable for authentication with ECDSA,
and thus not applicable for signing of e.g. PKIX certificates.”
--
Gerald Turner Email: gturner at unzane.com JID: gturner at unzane.com
GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140122/65201d70/attachment.bin>
More information about the openssh-unix-dev
mailing list