https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Bug ID: 3577
Summary: CASignatureAlgorithms supports -cert algorithms
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: xspielinbox+mind...@protonmail.com

Hello,

The CASignatureAlgorithms directive in ssh and sshd supports the following algorithms:

ssh-ed25519
ssh-ed25519-cert-...@openssh.com
sk-ssh-ed25...@openssh.com
sk-ssh-ed25519-cert-...@openssh.com
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp...@openssh.com
webauthn-sk-ecdsa-sha2-nistp...@openssh.com
ssh-rsa-cert-...@openssh.com
rsa-sha2-256-cert-...@openssh.com
rsa-sha2-512-cert-...@openssh.com
ssh-dss-cert-...@openssh.com
ecdsa-sha2-nistp256-cert-...@openssh.com
ecdsa-sha2-nistp384-cert-...@openssh.com
ecdsa-sha2-nistp521-cert-...@openssh.com
sk-ecdsa-sha2-nistp256-cert-...@openssh.com

Why are the *-cert-...@openssh.com algorithms allowed here? This seems wrong to me, as per the documentation intermediate certificates aren't supported, and I don't see how this would work then. They also aren't enabled by default.