Hi,

Two years ago I submitted a patch (https://bugzilla.mindrot.org/show_bug.cgi?id=2474) to enable ECDSA in PKCS#11 support for ssh-agent. During this time:

- The value of 2FA has become increasingly visible, and is sometimes even mandated by regulations. 2FA tokens that can store asymmetric keys are more readily available.
- The ROCA vulnerability impacting millions of smartcards for RSA key generation. Cryptographic algorithm agility is a good thing, and can help to work around those kinds of issues.
- Many people, in the ticket, the mailing list or privately to me, have shown an interest in the patch, several of them expressing a desire to help. I got test results, bug reports, improvement requests and patches.

ECDSA is not perfect but in the context of SSH with secure elements, the signature is faster and smaller than RSA at similar security levels.

Some of my fellow contributors have asked what we can do to help this get merged upstream. Except for tracking new releases and possible additional issues encountered in test, I think at this point we can't do a lot more on our own. We would welcome additional feedback, in particular from maintainers.

Sincerely,
--
Mathias Brossard
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev