search for: eddsa

...t probable to be >> released? >> > We have no idea .. we don't design what is in CentOS. If Red Hat adds > those things to RHEL-6 then we will put them in CentOS .. If they don't > we won't. And for example, if RH does not backport openSSL 1.1.1, you will not get EDDSA certificate support for TLS? 1.3.? Now you might not care about this for your servers and just continue to use ECDSA certs. Clients will increasingly encounter EDDSA certs and it will be interesting to see how this is handled in older clients.? We have had years to spread support for ECDSA befo...

...gt;> We have no idea .. we don't design what is in CentOS.? If Red Hat adds >>> those things to RHEL-6 then we will put them in CentOS .. If they don't >>> we won't. >> >> And for example, if RH does not backport openSSL 1.1.1, you will not >> get EDDSA certificate support for TLS? 1.3.? Now you might not care >> about this for your servers and just continue to use ECDSA certs. >> Clients will increasingly encounter EDDSA certs and it will be >> interesting to see how this is handled in older clients.? We have had >> ye...

...alling a self-signed independent cert.? There is much written about building your own CA and a number of tools for that like openCA.? I can't speak for all your devices or apps, but there should be ways.... In personal promotion, I have been doing my own CA work for ECDSA certs and now for EDDSA certs (and I wonder what commercial CAs are providing them).? See my Internet draft: draft-moskowitz-ecdsa-pki And my github for pending updates to this and the new eddsa-pki draft (to be published after openSSL 1.1.1 is released). https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki https://gi...

...sed? >>> >> We have no idea .. we don't design what is in CentOS. If Red Hat adds >> those things to RHEL-6 then we will put them in CentOS .. If they don't >> we won't. > > And for example, if RH does not backport openSSL 1.1.1, you will not get > EDDSA certificate support for TLS? 1.3.? Now you might not care about this > for your servers and just continue to use ECDSA certs. Clients will > increasingly encounter EDDSA certs and it will be interesting to see how this > is handled in older clients.? We have had years to spread support...

...k you need an OID to put in the namedCurve field of EC Parameters structure, right? The structure is: Parameters:: = CHOICE { ecParametersECParameters, namedCurveCURVES. & id( { CurveNames}), implicitlyCANULL} The ecParametersECParameters approach doesn't work, I believe, for EdDSA, but a namedCurve would probably do. But what OID to use? I'm happy to reserve 1.3.6.1.4.1.11591.9 to mean a namedCurve value for Ed25519 in PKCS#11. I'm not sure this approach works out -- but let's try. /Simon > Cheers, > > Thomas > > On Thu, Oct 8, 2015 at 2:00 PM...

On 18.10.2018 00:08, Johnny Hughes wrote: > The bottom line .. we don't make the decision whether or not to use > systemd or not. We rebuild RHEL source code. will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2? I'm sure there will come a CentOS 8, but when is it probable to be released? one of the most important things (for me), as I already noticed there will

I referred to the fact that there is no value for 4096-bit groups at all. For higher strengths than 128 bits one should probably not use non-EC crypto at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be

I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I

...penSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked without any arguments. OpenSSH has supported Ed25519 since version 6.5 (January 2014). The newly published FIPS 186-5 (February 2023) guidelines approve the EdDSA algorithms specified in IETF RFC 8032 (January 2017). At p2k23 Theo de Raadt suggested now (before OpenBSD 7.4 release) is good timing to consider this change. Is there a reason not to do this? OK? Kind regards, Job Further reading: Original Ed25519 paper: https://ed25519.cr.yp.to/ed25519-20...

What about the pki package that comes with Centos? pki-server and pki-ca? On 04/16/2017 11:54 AM, Alice Wonder wrote: > Oh I don't know, their github works. > > However it seems that it isn't able to deal with more than one ocsp > signing key. > > On 04/16/2017 08:40 AM, Robert Moskowitz wrote: >> >> >> On 04/14/2017 10:41 PM, Alice Wonder wrote:

See attached: (1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression test and connects to unpatched sshd without problems; I hacked a bit regress/unittests/kex, and benchmarked do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256); Before: 0.3295s per call After: 0.2183s per call That is, 50% speedup; assuming

...ion, Inc. License GPLv3+: GNU GPL version 3 or later < https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/wink/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 I went to http://releases.llvm.org/download.html and downloaded llvm-8.0.0: http://releases....

...llenges with ED25519 certs, I will soon have an Internet Draft out on them). So general heads up.? TLS 1.3 is claimed to be the cat's meow for security (I see it as a kitchen sink).? There will be questions asking for when it will be available (wait until they start thinking about creating EDDSA pkis). Yet another thing for our hard working Centos team.

...ttps://gnu.org/licenses/gpl.html> > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > > > Home: /home/wink/.gnupg > > Supported algorithms: > > Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA > > Cipher: IDEA, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, > > CAMELLIA192, CAMELLIA256 > > Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 > > Compression: Uncompressed, ZIP, ZLIB, BZIP2 > > > > > > I went to http://release...

...SHv2 RFCs[3], mostly because alternative algorithms were encumbered by patents when the SSHv2 protocol was designed and specified. Since then, the world has moved on. RSA is unencumbered and support for it is ubiquitous. ECDSA offers significant performance and security benefits over modp DSA, and EdDSA overs further performance and security improvements over both again. The only remaining use of DSA at this point should be deeply legacy devices. As such, we no longer consider the costs of maintaining DSA in OpenSSH to be justified. Moreover, we hope that OpenSSH's final removal of this insec...

...SHv2 RFCs[3], mostly because alternative algorithms were encumbered by patents when the SSHv2 protocol was designed and specified. Since then, the world has moved on. RSA is unencumbered and support for it is ubiquitous. ECDSA offers significant performance and security benefits over modp DSA, and EdDSA overs further performance and security improvements over both again. The only remaining use of DSA at this point should be deeply legacy devices. As such, we no longer consider the costs of maintaining DSA in OpenSSH to be justified. Moreover, we hope that OpenSSH's final removal of this insec...

On 10/8/2015 4:49 AM, Simon Josefsson wrote: > Mathias Brossard <mathias at brossard.org> writes: > >> Hi, >> >> I have made a patch for enabling the use of ECDSA keys in the PKCS#11 >> support of ssh-agent which will be of interest to other users. > > Nice! What would it take to add support for Ed25519 too? Do we need to > allocate any new PKCS#11

Hi, I have made a patch for enabling the use of ECDSA keys in the PKCS#11 support of ssh-agent which will be of interest to other users. I have tested it with P-256 keys. P-384 and P-521 should work out-of-the box. The code is ready for non-FIPS curves (named or explicit), but OpenSSH currently limits ECDSA to those 3 curves. At high level it works like the support for RSA, but because of

Hi, As of this morning, OpenSSH now has experimental U2F/FIDO support, with U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" or "ecdsa-sk" for short (the "sk" stands for "security key"). If you're not familiar with U2F, this is an open standard for making inexpensive hardware security tokens. These are easily the cheapest way

Doug, On 03/16/2017 11:23 PM, Doug Barton wrote: > Your pattern seems a little too complicated. See below. I acquired this script from: http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer No telling where he got it from. So I greatly appreciate any and all advice. I am writing my own howto, and I would like to think I am doing a better job of it. I hope