On 25 September 2017 at 02:32, Mark D. Baushke <mdb@xxxxxxxxxxx> wrote:
> [+CC Loganaden Velvindron <logan@xxxxxxxxxx>] primary author of
> the RFC 4419 refresh draft.

https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ?

Tangent: has any consideration been given to increasing the maximum
allowed beyond 8192 bits (which is below the current NIST
recommendation for 256 bits of security)? Last time I looked OpenSSL
supported 10k bits out of the box so it probably wouldn't be hard to
support that in OpenSSH.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev