Stuart Henderson
2023-Sep-03 22:35 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On 2023/09/03 22:13, Job Snijders wrote:
> Dear all,
>
> Ed25519 public keys being as small as they are is very convenient.
> There is an opportunity to nudge the world towards modern algorithms.
> I believe choices made in OpenSSH can positively impact the wider
> eco-system and industry. I'd like to suggest ssh-keygen to generate an
> Ed25519 keypair, if invoked without any arguments.
>
> OpenSSH has supported Ed25519 since version 6.5 (January 2014).
> The newly published FIPS 186-5 (February 2023) guidelines approve
> the EdDSA algorithms specified in IETF RFC 8032 (January 2017).

amazingly, even Mikrotik finally added support (August 2023)...

> At p2k23 Theo de Raadt suggested now (before OpenBSD 7.4 release) is
> good timing to consider this change. Is there a reason not to do this?
>
> OK?

Seems a sane default to me. People can always use -t rsa if needed.

Thorsten Glaser
2023-Sep-03 22:53 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On Sun, 3 Sep 2023, Stuart Henderson wrote:

>> OpenSSH has supported Ed25519 since version 6.5 (January 2014).

> amazingly, even Mikrotik finally added support (August 2023)...

> Seems a sane default to me. People can always use -t rsa if needed.

I'd rather not. Almost all *25519* code in existence is derived
from DJB's which is labelled as being in the public domain, but
lacks a fallback licence for those jurisdictions where people
cannot just waive copyright (and DJB is notorious in not handing
out those). I know of one independent implementation under GPL,
which would therefore not be a choice.

Thanks,
//mirabilos
--
<igli> exceptions: a truly awful implementation of quite a nice idea.
<igli> just about the worst way you could do something like that, afaic.
<igli> it's like anti-design.
<mirabilos> that too? may I quote you on that?
<igli> sure, tho i doubt anyone will listen ;)