On 22.10.20 00:37, Damien Miller wrote:
> The ability to gracefully rotate persistent keys is a fundamental
> capability in a cryptosystem. Being able to migrate to better algorithms
> over time without breaking continuity of trust is a related capability.
> Both these are IMO serious omissions from the SSH standards.
>
> Not having these capabilities meant that servers used DSA longer than
> they should have, used RSA/1024 when they should have moved to longer
> key lengths and could not adopt better signature algorithms like Ed25519
> when they became available.

No contest there, but do you mean to say that UpdateHostKeys actually enforces new algos and keys to be "better" than the currently-used one? Per what, and whose (client/server), definition?

I guess that Peter's mistrust is largely based on that "better, worse, whatever" smacks of facilitating a downgrade attack, even if we don't see how one would *actually* succeed *today* ...

Regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
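The question above is whose definition of "better" applies when a server advertises additional host keys. An added example, not part of the thread and not OpenSSH's own code: the client's HostKeyAlgorithms list is the practical answer (my understanding, stated here as an assumption, is that the OpenSSH client only records advertised keys whose type it is configured to accept), and a known_hosts audit shows what has actually been learned. The ssh_config fragment in the comments and the known_hosts lines are constructed sample data; the key blobs are truncated placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit a known_hosts
# file for host-key types that a client with a restricted
# HostKeyAlgorithms list would not want to keep trusting, and list which
# key types have been recorded for a given host.
#
# Assumed client-side ssh_config fragment (constructed for this example):
#
#   Host *
#       UpdateHostKeys yes
#       HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
#
# With such a list the client, not the server, decides which advertised
# key types are acceptable; ssh-dss is not on it, so a DSA key that a
# server keeps advertising should never be the "better" replacement.

# Constructed sample known_hosts contents (blobs truncated, not real keys).
SAMPLE_KNOWN_HOSTS='# sample file
example.org ssh-dss AAAAB3NzaC1kc3MAAACBAP...
example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...
example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJ...
@cert-authority *.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKf...
old.example.org ssh-dss AAAAB3NzaC1kc3MAAACBAP...'

# Key types (as they appear in known_hosts) that the assumed ssh_config
# still accepts. rsa-sha2-* signatures are made with ssh-rsa keys, so the
# key type recorded in known_hosts is ssh-rsa.
ACCEPTED_TYPES="ssh-ed25519 ssh-rsa"

# weak_hostkeys KNOWN_HOSTS_CONTENT
# Prints "host keytype" for every entry whose key type is not in
# ACCEPTED_TYPES. Handles @cert-authority/@revoked markers, skips
# comments and blank lines; hashed (|1|...) hosts are reported as-is.
weak_hostkeys() {
    printf '%s\n' "$1" | while read -r host ktype rest; do
        case "$host" in
            ''|'#'*) continue ;;
            '@'*) host=$ktype; ktype=${rest%% *} ;;
        esac
        case " $ACCEPTED_TYPES " in
            *" $ktype "*) ;;
            *) printf '%s %s\n' "$host" "$ktype" ;;
        esac
    done
}

# host_key_types KNOWN_HOSTS_CONTENT HOST
# Prints the key types recorded for HOST, in file order, so you can see
# which keys UpdateHostKeys (or manual edits) have accumulated.
host_key_types() {
    printf '%s\n' "$1" | awk -v h="$2" '$1 == h { print $2 }'
}

# Stand-alone usage: report weak entries, then the key set for one host.
if [ "${1:-}" = "--run" ]; then
    echo "Entries with key types outside HostKeyAlgorithms:"
    weak_hostkeys "$SAMPLE_KNOWN_HOSTS"
    echo "Key types recorded for example.org:"
    host_key_types "$SAMPLE_KNOWN_HOSTS" example.org
fi
```

Run with `sh audit.sh --run`, or point the two functions at a real file with `weak_hostkeys "$(cat ~/.ssh/known_hosts)"`. The audit only looks at key types; checking RSA modulus length (the RSA/1024 case in the quoted message) needs `ssh-keygen -l -f` on the file, which is deliberately left out so the script runs without OpenSSH installed.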