https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Markus Kuhn <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #3 from Markus Kuhn <[email protected]> --- Renaming PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms looks helpful, but it does not yet solve the current problem that the ssh-keygen man page leaves the reader somewhat in the dark about the precise relationship between key types, bits and algorithms. I think it would be great to add to ssh-keygen a table that shows which key type (-t) with which bits (-b) is suitable for which algorithms, just to make sure that the user interface presented by ssh-keygen (which talks about key types) and the user interface presented by sshd (which talks about algorithms) meet each other at a prominent place in the documentation. Some other cryptographic applications (e.g. Kerberos https://web.mit.edu/kerberos/www/krb5-latest/doc/admin/enctypes.html ), have a one-to-one relationship between what key types the user can generate and what algorithms these key types are used with. There are far fewer choices to be made. In OpenSSH, that relationship is more complicated, and a table showing how the values that can be specified after ssh-key options -t and -b match up with the options that can be specified after PubkeyAcceptedAlgorithms would be an incredibly useful resource for users faced with choosing a key type. That table could also list which algorithms have been introduced or deprecated by which OpenSSH version. All that is crucial information for ssh-keygen users to make an informed decision about which values to pick for -t and -b. (One can use tbl tables in man pages with .TS and .TE macros, as krb5.conf(5) or systemd.unit(5) demonstrate. See "man tbl" for documentation.) -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
