From owner-freebsd-current@freebsd.org Fri Aug 5 02:09:52 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 25B69BAF62C; Fri, 5 Aug 2016 02:09:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 170DE1631; Fri, 5 Aug 2016 02:09:52 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by freefall.freebsd.org (Postfix) with ESMTP id BF4C31939; Fri, 5 Aug 2016 02:09:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Fri, 5 Aug 2016 02:09:50 +0000 From: Glen Barber To: freebsd-current@freebsd.org, freebsd-stable@freebsd.org, freebsd-announce@freebsd.org Subject: Re: HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0 Message-ID: <20160805020950.GJ43509@FreeBSD.org> References: <20160805015918.GI43509@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="J+eNKFoVC4T1DV3f" Content-Disposition: inline In-Reply-To: <20160805015918.GI43509@FreeBSD.org> X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Aug 2016 02:09:52 -0000 --J+eNKFoVC4T1DV3f Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 05, 2016 at 01:59:18AM +0000, Glen Barber wrote: > This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH, > and will be deprecated effective 11.0-RELEASE (and preceeding RCs). >=20 Stupid editor mistake. OpenSSH DSA keys are deprecated upstream. Sorry for any confusion. > Please see r303716 for details on the relevant commit, but upstream no > longer considers them secure. Please replace DSA keys with ECDSA or RSA > keys as soon as possible, otherwise there will be issues when upgrading > from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the > 11.0-RELEASE build. >=20 Glen On behalf of: re@ and secteam@ --J+eNKFoVC4T1DV3f Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXo/VuAAoJEAMUWKVHj+KT8/AP/14kAQTyL++trYzTgp+6cUJ2 Y8jJPg6agpXHHJMCjyfkbEnFUQnlPk4+SSfHxVP95VgHzukpJqJA4oQL7tWL8Vna 3LFU2Wg3TAMbh5TE9fSZ610NTRgNt0uLmeXEojgON4lH0JE9ju8dqWja6UNyHvgU yRv7RRorUarA3qGDWUm0u73o+OabYmcUhQ7/ghNi3hij90mvbbuOllK2aYRAZRCI n2rN6fErnCEpYetvwOUuordx5u0pU9ta2dwOTPDOmoFQ5mKYCTeSj+IXhzJV7hS2 SyUTYtfhqL8t0+p9SG5ZWQl/5CRnxPlamvs7/FRARTNZudX9r9fCXE622z13eZe/ 1Xc8FDCfMHaW9VNirSsMT5pPh3O+cCREgWdyUB94rKONllpBInAZhvAaiHxjddZ9 VFFAoo9VOPmrwtM+66RSifqJ3BUNDa+vRxiX+3/46D0VPARENhgu15BXNp3BNx1/ UihNZ0hSaSn9M279zlAcvVVPbLYmqlCf28URlopC2ug+Y6GYC+KvwdEZAJg0yANO sYvAbVmAXMuvMTq4AaKAMPW/84q+n90oTqjjQErAZfGPycL7LBJRRULQ2hLmSdbe L8KdR2trq0SDYG385ROyf4CaK4BuE2XaCgWdIG+3+KgI03lLX6dhXlFkMzJLbIpb qD4d24HR1OMzOuDlwbig =ORzJ -----END PGP SIGNATURE----- --J+eNKFoVC4T1DV3f--