Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm

To: "Mark D. Baushke" <mdb%juniper.net@localhost>
Subject: Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Fri, 30 Oct 2015 14:12:27 -0400

On Thu, 2015-10-29 at 23:53 -0700, Mark D. Baushke wrote:
> Hi denis,
> 
> Should this Draft RFC also be the one that moves the "ssh-dss" public
> key algorithm from a "REQUIRED" and "MUST" implement algorithm to
> an "OPTIONAL" and "SHOULD NOT" implement algorithm?
> 
> As things stand right now with RFC4253, the only REQUIRED algorithm is
> "ssh-dss" and I do not believe that it is a good idea to leave it in
> that state.
> 
> Or, is this better left to another RFC? Perhaps moving the Ed25519
> algorithm created by
> 
>   https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-00 
> 
> into a MUST algorithm while deprecating "ssh-dss" for SSH?

A good question.  I feel like we should be discussing such changes,
since the current situation is rather silly.  However, it probably
belongs in a separate document, if only because reaching consensus on
the choice of algorithms may take some time.

More on this in another post.

-- Jeff

References:
- Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
  - From: denis bider
- Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
  - From: Mark D. Baushke

Prev by Date: Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
Next by Date: SSH key algorithm updates
Previous by Thread: Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
Next by Thread: SSH key algorithm updates
Indexes:

Home | Main Index | Thread Index | Old Index