OpenSSH support for FIDO RSA keys

Peter Stuge peter at
Sat Aug 28 03:27:13 AEST 2021

Damien Miller wrote:
> I'm expecting a big fight when I eventually push to remove ssh-dss,

FWIW I think that's long overdue, and understand your worry.

> In the case of RSA/FIDO, it's really to support a single vendor
> (admittedly an important one), but using an algorithm (RSA) which
> almost everyone is moving away from in favour of elliptic-curve crypto,

Many are indeed moving, but popularity in itself doesn't really mean much.
I for one like RSA in spite of the many caveats now known, because the math
is simple (to me). But I by no means hate or reject ECC, it's just different.
(Yes, ECC code can be simpler than RSA code.)

> and that seems was chosen to support a legacy hardware standard (TPM 1.x)
> that is already superseded.

I think the reason to add RSA/FIDO should be less to support TPM 1.x
and more to create opportunity and/or a use-case for future RSA tokens.

I understand the code coverage concern, but since RSA is already
quite heavily used in OpenSSH, would the overhead actually be large?

The FIDO code would of course grow, were you refering to that all along?

Thanks and kind regards


More information about the openssh-unix-dev mailing list