Inconsistency between legacy and release notes?

Darren Tucker dtucker at zip.com.au
Mon Nov 28 18:10:55 AEDT 2016


On Mon, Nov 28, 2016 at 5:46 PM, Pedro Melo <melo at simplicidade.org> wrote:
> Hi
>
> On 28/11/16 00:14, "dtucker at dtucker.net on behalf of Darren Tucker" <dtucker at dtucker.net on behalf of dtucker at zip.com.au> wrote:
[...]
> My initial email was not about why DSA was deprecated (although I do appreciate the reasons, thank you), but more about the fact that this deprecation is not mentioned on the OpenSSH release notes, so I would argue that DSA was not in fact deprecated…

In the 7.0 release notes:

 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at http://www.openssh.com/legacy.html

DSS = Digital Signature Standard, DSA = Digital Signature Algorithm
but they refer to the same thing.  Given that the SSH standards use
ssh-dss, by rights keygen should refer to it as "dss" instead of "dsa"
but that ship sailed long ago.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list