Date: Thu, 21 Jan 2016 09:31:34 -0800 From: Conrad Meyer <cem@FreeBSD.org> To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r294495 - in head: . crypto/openssh Message-ID: <CAG6CVpXXadnEJt%2B=tjiyhpk04LtTeiAoOqYeTn2-bsxwJjmTAw@mail.gmail.com> In-Reply-To: <201601211110.u0LBAEI1081858@repo.freebsd.org> References: <201601211110.u0LBAEI1081858@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 21, 2016 at 3:10 AM, Dag-Erling Sm=C3=B8rgrav <des@freebsd.org>= wrote: > Author: des > Date: Thu Jan 21 11:10:14 2016 > New Revision: 294495 > URL: https://svnweb.freebsd.org/changeset/base/294495 > > Log: > Enable DSA keys by default. They were disabled in OpenSSH 6.9p1. Are we going to maintain DSA key support after upstream deprecates it entirely? And why? """ Future Deprecation Notice =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D The 7.0 release of OpenSSH, due for release in late July, will deprecate several features, some of which may affect compatibility or existing configurations. The intended changes are as follows: ... * Support for ssh-dss, ssh-dss-cert-* host and user keys will be run-time disabled by default. """ http://www.openssh.com/txt/release-6.9 "OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use." http://www.openssh.com/legacy.html Best, Conrad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpXXadnEJt%2B=tjiyhpk04LtTeiAoOqYeTn2-bsxwJjmTAw>