Future deprecation of ssh-rsa
Jochen Bern
Jochen.Bern at binect.de
Thu Oct 22 22:15:21 AEDT 2020
On 22.10.20 00:37, Damien Miller wrote:
> The ability to gracefully rotate persistent keys is a fundamental
> capability in a cryptosystem. Being able to migrate to better algorithms
> over time without breaking continuity of trust is a related capability.
> Both these are IMO serious omissions from the SSH standards.
>
> Not having these capabilities meant that servers used DSA longer than
> they should have, used RSA/1024 when they should have moved to longer
> key lengths and could not adopt better signature algorithms like Ed25519
> when they became available.
No contest there, but do you mean to say that UpdateHostKeys actually
enforces new algos and keys to be "better" than the currently-used one?
Per what, and whose (client/server), definition?
I guess that Peter's mistrust is largely based on that "better, worse,
whatever" smacks of facilitating a downgrade attack, even if we don't
see how one would *actually* succeed *today* ...
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
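Independently of how UpdateHostKeys chooses what to offer, an operator can at least find out which recorded host keys the ssh-rsa deprecation (and the earlier DSA and RSA/1024 retirements mentioned above) actually affect. The script below is an added example for that inventory step; it is not part of this thread, nor OpenSSH code. It decodes the public-key wire format (RFC 4253 section 6.6) itself so it runs offline, and it treats the 2048-bit RSA floor as an assumed local policy. The sample known_hosts entries and key blobs are constructed, not real hosts or keys. Note that what OpenSSH is deprecating is the ssh-rsa SHA-1 signature scheme: an RSA key of adequate length stays usable when the server signs with rsa-sha2-256/512, so such keys are flagged for review rather than replacement.

```python
"""Audit an OpenSSH known_hosts file for host keys affected by the ssh-rsa
deprecation and the earlier DSA / short-RSA retirements.

Added example, not OpenSSH code. Sample data and the 2048-bit RSA threshold are
constructed assumptions."""
import base64
import struct


def read_string(buf, off):
    """Read one SSH 'string' (uint32 length prefix + bytes) at offset off."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def read_mpint(buf, off):
    """Read one SSH 'mpint' (string-encoded big-endian integer)."""
    raw, off = read_string(buf, off)
    return int.from_bytes(raw, "big"), off


def key_strength(blob):
    """Return (key_type, bits) for a decoded public-key blob."""
    ktype, off = read_string(blob, 0)
    ktype = ktype.decode()
    if ktype == "ssh-rsa":                # mpint e, mpint n; size is |n|
        _e, off = read_mpint(blob, off)
        n, _ = read_mpint(blob, off)
        return ktype, n.bit_length()
    if ktype == "ssh-dss":                # mpint p, q, g, y; size is |p|
        p, _ = read_mpint(blob, off)
        return ktype, p.bit_length()
    if ktype == "ssh-ed25519":            # one 32-byte string
        return ktype, 256
    if ktype.startswith("ecdsa-sha2-"):   # string curve name, string point
        curve, _ = read_string(blob, off)
        return ktype, int(curve.decode()[-3:])   # "nistp256" -> 256
    return ktype, 0


def classify(ktype, bits):
    """Triage a host key. Only the SHA-1 signature scheme is being retired, so an
    RSA key >= 2048 bits (assumed policy floor) needs review, not replacement."""
    if ktype == "ssh-dss":
        return "REPLACE: DSA host key"
    if ktype == "ssh-rsa" and bits < 2048:
        return f"REPLACE: RSA/{bits} host key is too short"
    if ktype == "ssh-rsa":
        return "REVIEW: RSA key; confirm server signs with rsa-sha2-*, plan ed25519 rotation"
    if ktype == "ssh-ed25519" or ktype.startswith("ecdsa-sha2-"):
        return "OK"
    return f"UNKNOWN: {ktype}"


def audit(known_hosts_text):
    """Parse known_hosts lines and triage each key. Returns a list of dicts."""
    rows = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = ""
        if fields[0].startswith("@"):      # @cert-authority / @revoked
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3:
            continue
        hosts, declared, b64 = fields[:3]
        try:
            ktype, bits = key_strength(base64.b64decode(b64, validate=True))
        except (ValueError, struct.error) as exc:
            ktype, bits, status = declared, 0, f"UNPARSEABLE: {exc}"
        else:
            # Flag a declared-type / blob mismatch rather than trust either half.
            status = (f"MISMATCH: line says {declared}, blob says {ktype}"
                      if declared != ktype else classify(ktype, bits))
        rows.append({"line": lineno, "marker": marker, "hosts": hosts,
                     "type": ktype, "bits": bits, "status": status})
    return rows


def ssh_string(b):
    return struct.pack(">I", len(b)) + b


def ssh_mpint(n):
    # A leading 0x00 is added when the top bit is set, as mpint encoding requires.
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def b64blob(blob):
    return base64.b64encode(blob).decode()


# Constructed blobs with the right structure and sizes; not real keys.
RSA1024 = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 1023) | 1)
RSA3072 = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 3071) | 1)
DSS = (ssh_string(b"ssh-dss") + ssh_mpint((1 << 1023) | 1)
       + ssh_mpint((1 << 159) | 1) + ssh_mpint(2) + ssh_mpint(3))
ED25519 = ssh_string(b"ssh-ed25519") + ssh_string(b"\x01" * 32)
ECDSA = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
         + ssh_string(b"\x04" + b"\x02" * 64))

SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts; no real hosts or keys",
    "legacy.example.net ssh-rsa " + b64blob(RSA1024),
    "build.example.net,10.0.0.5 ssh-rsa " + b64blob(RSA3072),
    "old-router.example.net ssh-dss " + b64blob(DSS),
    "|1|c2FsdHNhbHRzYWx0c2FsdHNhbHQ=|aGFzaGhhc2hoYXNoaGFzaGhhc2g= ssh-ed25519 "
    + b64blob(ED25519),
    "@cert-authority *.example.net ecdsa-sha2-nistp256 " + b64blob(ECDSA),
])

if __name__ == "__main__":
    for r in audit(SAMPLE_KNOWN_HOSTS):
        print(f"{r['line']:>2} {r['marker']:<15} {r['hosts']:<28} "
              f"{r['type']:<20} {r['bits']:>5}  {r['status']}")
```

Run it against a real file with `audit(open(path).read())`; hashed hostnames (`|1|...`) are kept opaque, so the report still tells you which line to rotate even when it cannot tell you which host it is.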