Joseph S. Testa II <jtesta@xxxxxxxxxxxxxxxxxxxx> writes: > On 11/1/19 4:36 AM, Damien Miller wrote: > > new key type "sk-ecdsa-sha2-nistp256@xxxxxxxxxxx" > > Was ECDSA with NIST P-256 strictly necessary, or would Ed25519 be > possible as well? I would guess that it largely comes down to support of the algoirthms in the hardware keys and the libfido2 library. Some tokens built on top of TPM 2.0 hardware may only support ECDSA or RSA.... YubiKey 5.2.3 enhancements to FIDO 2 Support recently announced (on October 22, 2019) URL: https://support.yubico.com/support/solutions/articles/15000027138-yubikey-5-2-3-enhancements-to-fido-2-support | Additional Encryption Algorithms | | To ensure a high level of security for the FIDO2 authentication | credentials, the supported encryption algorithms have been updated. | Support for the Ed25519 curve has been added, while support for RSA keys | has been removed. This makes sense in that the new NISP FIPS 186-5 draft does provide for EdDSA with both 25519 and 448 curves and YubiKey is something the US Fed folks are in favor of using for some places where CAC cards are not as desirable to use. Right now, the libfido2 library seems to support ECDSA P-256 with SHA-256 and PKCS#1.5 2048-bit RSA with SHA-256. Given that the US Federal Government is mandating RSA-PSS for most everything rather than PKCS#1.5 RSA, the odds are good that RSA support will be going down in a lot of places. I suspect that both ECDSA P256 and ECDSA P384 are supported on many PIV Smart Card devices. I fully expect to see EdDSA 25519 based devices eventually. -- Mark _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
