Date: 26 Jul 2002 16:49:53 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Tony Finch <dot@dotat.at>
Cc: freebsd-security@freebsd.org
Subject: Re: ssh host key inconsistency
Message-ID: <xzp8z3ymtm6.fsf@flood.ping.uio.no>
In-Reply-To: <20020726145249.B7551@chiark.greenend.org.uk>
References: <20020726135837.A7551@chiark.greenend.org.uk> <xzpd6tamynf.fsf@flood.ping.uio.no> <20020726145249.B7551@chiark.greenend.org.uk>

Tony Finch <dot@dotat.at> writes:
> In that case, how about this? (And what is the reasoning for not using
> both the RSA and DSA keys?)

According to the draft standard, RSA is deprecated and DSA is the
preferred cipher. There's also a POLA issue; previous FreeBSD
releases have used only DSA, and enabling RSA would cause spurious
"unknown host key" warnings (OpenSSH prefers RSA to DSA when both are
available, so the DSA key would be ignored).

The patch looks good.

DES
--
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp8z3ymtm6.fsf>