Damien Miller
2023-Sep-06 01:18 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On Mon, 4 Sep 2023, Thorsten Glaser wrote:

> On Sun, 3 Sep 2023, Stuart Henderson wrote:
>
> >> OpenSSH has supported Ed25519 since version 6.5 (January 2014).
>
> >amazingly, even Mikrotik finally added support (August 2023)...
>
> >Seems a sane default to me. People can always use -t rsa if needed.
>
> I'd rather not.
>
> Almost all *25519* code in existence is derived from DJB's which
> is labelled as being in the public domain, but lacks a fallback
> licence for those jurisdictions where people cannot just waive
> copyright (and DJB is notorious in not handing out those). I know
> of one independent implementation under GPL, which would therefore
> not be a choice.

This is irrelevant to the choice of the default algorithm. OpenSSH
includes this code (written by Matt Dempsky, not djb) regardless of
what the default happens to be.

Anyway, Job's change has been committed and the default will be
ed25519 in OpenSSH 9.5.

-d

Thorsten Glaser
2023-Sep-06 02:51 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On Wed, 6 Sep 2023, Damien Miller wrote:

>This is irrelevant to the choice of the default algorithm. OpenSSH
>includes

Not everywhere. People can remove that from their builds.

> this code (written by Matt Dempsky, not djb) regardless of

It's not, it clearly says DJB in the source (e.g. ed25519.c).

>Anyway, Job's change has been committed and the default will be
>ed25519 in OpenSSH 9.5.

I register protest (this will make it even harder to get people
to use RSA keys) but I acknowledge that continuing will not lead
anywhere.

bye,
//mirabilos
--
15:41?<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)