On Thu, Jan 23, 2014 at 1:54 AM, Gerald Turner <gturner at unzane.com> wrote: > Damien Miller <djm at mindrot.org> writes: >> Running the regression tests supplied with Portable OpenSSH does not >> require installation and is a simply: >> >> $ ./configure && make tests > > Tested openssh-SNAP-20140123 on Debian jessie/testing amd64 with OpenSSL > 1.0.1f on two machines (one with AES-NI instructions), all tests passed > and no warnings. > >> * ssh(1), sshd(8): Add support for Ed25519 as a public key type. >> Ed25519 is a elliptic curve signature scheme that offers >> better security than ECDSA and DSA and good performance. It may be >> used for both user and host keys. > > Is there SSHFP support for Ed25519? I suppose not - looks like it would > need Internet Drafts equivalent to RFC6090 (ECDSA) and RFC6594 (SSHFP). > Currently Curve25519 has an I-D but not for Ed25519: A draft for sshfp is being worked on. > > http://datatracker.ietf.org/doc/draft-josefsson-tls-curve25519/ > > ?This document only describes usage of additional curves for ephemeral > key exchange (ECDHE), not for use with long-term keys embedded in > PKIX certificates (ECDH_RSA and ECDH_ECDSA). This is because > Curve25519 is not directly suitable for authentication with ECDSA, > and thus not applicable for signing of e.g. PKIX certificates.? > > -- > Gerald Turner Email: gturner at unzane.com JID: gturner at unzane.com > GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5 > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
