RE: SSH key algorithm updates

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>, "Mark D. Baushke" <mdb%juniper.net@localhost>
Subject: RE: SSH key algorithm updates
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Sun, 1 Nov 2015 01:02:16 +0000

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

>- Add dsa-sha2-256 as RECOMMENDED

I'm strongly opposed to keeping DSA, for the reasons given earlier.  It's dead
everywhere except SSH, it'd be nice to get rid of this one holdout as well.

>Perhaps Denis wants to add pgp-sign-dsa-sha2-256 and/or x509v3-dsa-sha2-256
>to his document.

Since neither the PGP nor the X.509 formats as used in SSH were ever defined,
I'd just remove them.  Short of reverse-engineering someone else's
implementation to see what they do, I can't see how you'd create an
interoperable implementation of either of these.

Peter.

References:
- Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
  - From: denis bider
- Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
  - From: Mark D. Baushke
- SSH key algorithm updates
  - From: Jeffrey Hutzelman

Prev by Date: Re: SSH key algorithm updates / Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
Next by Date: RE: SSH key algorithm updates
Previous by Thread: Re: SSH key algorithm updates
Next by Thread: Re: SSH key algorithm updates
Indexes:

Home | Main Index | Thread Index | Old Index