Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-09 Thread Matthew Seaman
On 09/08/2016 03:23, Jeffrey Bouquet wrote:
> Will/could there be some kind of UPDATING announcement re which files
> explicitly to switch out/remove/replace/checkfor etc the deprecated
> lines and precisely the steps to replace with new or some other
> suitable action?

Action required for both

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Devin Teske
> On Aug 8, 2016, at 12:39 PM, Bernard Spil wrote:
>
> Hi Devin,
>
> This resource documents the choices pretty well I think
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
>
> Author has

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Bernard Spil
Hi Devin,

This resource documents the choices pretty well I think
https://stribika.github.io/2015/01/04/secure-secure-shell.html

Author has made some modifications up to Jan 2016
https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md

The short

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Allan Jude
On 2016-08-08 14:17, Conrad Meyer wrote:
> The OpenSSH defaults are intentionally sane. RSA 2048 is anticipated
> to be fine for the next 10 years. It would not be a bad choice. I'm
> not aware of any reason not to use EC keys, and presumably the openssh
> authors wouldn't ship them as an

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Conrad Meyer
The OpenSSH defaults are intentionally sane. RSA 2048 is anticipated to be fine for the next 10 years. It would not be a bad choice. I'm not aware of any reason not to use EC keys, and presumably the openssh authors wouldn't ship them as an option if they knew of any reason to believe they were

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Devin Teske
Which would you use? ECDSA? https://en.wikipedia.org/wiki/Elliptic_curve_cryptography "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover operation", cryptography experts have also expressed concern over the security

Re: HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-05 Thread Matthew Seaman
On 08/05/16 03:09, Glen Barber wrote:
> On Fri, Aug 05, 2016 at 01:59:18AM +, Glen Barber wrote:
>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>> and will be deprecated effective 11.0-RELEASE (and preceding RCs).
>>
>
> Stupid editor mistake. OpenSSH DSA keys

Re: HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-04 Thread Glen Barber
On Fri, Aug 05, 2016 at 01:59:18AM +, Glen Barber wrote:
> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
> and will be deprecated effective 11.0-RELEASE (and preceding RCs).
>

Stupid editor mistake. OpenSSH DSA keys are deprecated upstream. Sorry for any

HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-04 Thread Glen Barber
This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH, and will be deprecated effective 11.0-RELEASE (and preceding RCs). Please see r303716 for details on the relevant commit, but upstream no longer considers them secure.