On 26 Jun 2016 13:13, Stephen Kent wrote:
> 1) Feature parity with OpenSSH, which has supported ED25519 user and
> host keys since version 6.5.

even more importantly, recent openssh versions can be built w/out openssl entirely. this makes the result smaller and easier to reason about from a security pov. the downside is that only ED25519 is supported.

> 2) I'm not a security expert, but there's some discussion suggesting
> that ECDSA may be compromised or vulnerable to attack by the NSA. See
> this page and the linked pages:
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
> It may be desirable for some people to allow the use of ED25519 keys
> instead.

much of the concern around ECC w/the NSA was centered on the specific constants selected in the NIST recommendations. and Dual_EC_DRBG which everyone has dropped now.

-mike