IETF-SSH archive


RE: New version of rsa-sha2-512 draft posted: no more DSA



Damien Miller <djm%mindrot.org@localhost> writes:

>I don't think the glacial* crypto adoption pace of CAs is relevant to the
>choices we make for SSH.

The OP wasn't commenting on use by CAs, it was commenting on use by clients.
In other words it was saying that CAs should hold back on -512 otherwise
clients won't be able to verify the certs they issue.

>Moreover, any SSH implementation that supports ed25519 in the future will
>need SHA512 for its inner hash, so it's not like it will be extra code to
>carry around.

This assumes that your implementation carries an entire crypto library around
with it.  Many don't, but use the host's crypto.  If the host doesn't support
algorithm X, then you're out of luck.

Peter.

