For what it's worth, the current RSA default is FIPS compliant. Although NIST included ed25519 in FIPS 186-5 and the public comment period closed more than two years ago, it's still in draft; 186-4 does not include ed25519 (it does include ecdsa though, with the curves that OpenSSH already supports). Tom.III On Sun, Nov 6, 2022 at 8:04 PM Damien Miller <djm@xxxxxxxxxxx> wrote: > On Mon, 7 Nov 2022, Darren Tucker wrote: > > > On Mon, 7 Nov 2022 at 00:51, Job Snijders <job@xxxxxxxxxxx> wrote: > > [...] > > > Perhaps now is a good time to make Ed25519 the default when invoking > > > ssh-keygen(1) without arguments? > > > > I don't think so. Outside of DSA (which is REQUIRED in RFC4253 but is > > considered weak these days), RSA keys are the most widely supported > > key type and thus most likely to work in any given situation, which > > makes them an appropriate default. If you know this is not the case > > for your environment, that's what "-t" is for. > > I don't mind using defaults to apply a little nudge towards better > algorithms. OpenSSH has supported ed25519 keys for almost a decade, > and RFC 8709 has been a standard for a couple of years. > > So I'm cautiously supportive of doing this. > > -d > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
