Thorsten Glaser
2023-Sep-03 22:53 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On Sun, 3 Sep 2023, Stuart Henderson wrote:

>> OpenSSH has supported Ed25519 since version 6.5 (January 2014).

>amazingly, even Mikrotik finally added support (August 2023)...

>Seems a sane default to me. People can always use -t rsa if needed.

I'd rather not.

Almost all *25519* code in existence is derived from DJB's which is labelled as being in the public domain, but lacks a fallback licence for those jurisdictions where people cannot just waive copyright (and DJB is notorious in not handing out those). I know of one independent implementation under GPL, which would therefore not be a choice.

Thanks,
//mirabilos
-- 
<igli> exceptions: a truly awful implementation of quite a nice idea.
<igli> just about the worst way you could do something like that, afaic.
<igli> it's like anti-design.
<mirabilos> that too? may I quote you on that?
<igli> sure, tho i doubt anyone will listen ;)
Jim Knoble
2023-Sep-04 06:07 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
> On Sep 3, 2023, at 15:57, Thorsten Glaser <t.glaser at tarent.de> wrote:
>
> On Sun, 3 Sep 2023, Stuart Henderson wrote:
>
>>> OpenSSH has supported Ed25519 since version 6.5 (January 2014).
>
>> amazingly, even Mikrotik finally added support (August 2023)...
>
>> Seems a sane default to me. People can always use -t rsa if needed.
>
> I'd rather not.
>
> [...] *25519* code [...] is [....] in the public domain, but lacks a fallback licence [...].

This doesn't sound like a problem. In a jurisdiction where public domain is legal, type the code in by hand. Public domain means anyone is free to copy it. Once you type it in, you own the copyright (it's your work), and you can license it under MIT, BSD, whatever.

Or is there a specific jurisdiction that claims that DJB's original copyright somehow overrides that?
Damien Miller
2023-Sep-06 01:18 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On Mon, 4 Sep 2023, Thorsten Glaser wrote:

> On Sun, 3 Sep 2023, Stuart Henderson wrote:
>
> >> OpenSSH has supported Ed25519 since version 6.5 (January 2014).
>
> >amazingly, even Mikrotik finally added support (August 2023)...
>
> >Seems a sane default to me. People can always use -t rsa if needed.
>
> I'd rather not.
>
> Almost all *25519* code in existence is derived from DJB's which
> is labelled as being in the public domain, but lacks a fallback
> licence for those jurisdictions where people cannot just waive
> copyright (and DJB is notorious in not handing out those). I know
> of one independent implementation under GPL, which would therefore
> not be a choice.

This is irrelevant to the choice of the default algorithm. OpenSSH includes this code (written by Matt Dempsky, not djb) regardless of what the default happens to be.

Anyway, Job's change has been committed and the default will be ed25519 in OpenSSH 9.5.

-d