Module Name: src
Committed By: riastradh
Date: Sat May 26 19:18:11 UTC 2018

Modified Files:
    src/etc/rc.d: sshd

Log Message:
Revert previous: Don't generate XMSS host keys for sshd by default.

XMSS is a stateful post-quantum signature scheme.

- Post-quantum security for _online_ authentication is not important
  until quantum computers become practical; there's no danger of
  retroactive forgery in sessions that have already completed.

- As a stateful signature scheme, XMSS is qualitatively different
  from all the other ones sshd supports, requiring additional
  administrative care: roll back the state (e.g., from a disk backup
  or VM snapshot), and you've shot yourself in the foot.

If users want XMSS keys, they can make them explicitly, but there's
no need for this to be enabled by default.

Discussed with christos offline.

To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/etc/rc.d/sshd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/etc/rc.d/sshd diff -u src/etc/rc.d/sshd:1.28 src/etc/rc.d/sshd:1.29 --- src/etc/rc.d/sshd:1.28 Sat May 26 00:17:54 2018 +++ src/etc/rc.d/sshd Sat May 26 19:18:11 2018 @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: sshd,v 1.28 2018/05/26 00:17:54 jmcneill Exp $ +# $NetBSD: sshd,v 1.29 2018/05/26 19:18:11 riastradh Exp $ # # PROVIDE: sshd @@ -37,7 +37,6 @@ dsa 1024 ssh_host_dsa_key 2 DSA ecdsa 521 ssh_host_ecdsa_key 1 ECDSA ed25519 -1 ssh_host_ed25519_key 1 ED25519 rsa 0 ssh_host_rsa_key 2 RSA -xmss 0 ssh_host_xmss_key 1 XMSS _EOF ) }
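
Review bot: In the @@ -37,7 +37,6 @@ hunk, the row "xmss 0 ssh_host_xmss_key 1 XMSS" is dropped from the key table with nothing left in the script to say the omission is deliberate, so a later change could re-add it without knowing the reason. Consider a short comment beside the table stating that stateful schemes are left out on purpose and must be generated explicitly. The hunk also only stops future generation: a host that ran revision 1.28 may already have an ssh_host_xmss_key on disk, and nothing here removes it or mentions it, which is worth a sentence in the log message.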