Confirmed users
502
edits
Talk:Security/Guidelines/OpenSSH: Difference between revisions
no edit summary
JanZerebecki (talk | contribs) No edit summary |
Gdestuynder (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
== Question from [[User:JanZerebecki|JanZerebecki]] == | |||
Shouldn't HostKeyAlgorithms 1) have ecdsa-sha2-nistp256-cert-v01@openssh.com after ecdsa-sha2-nistp384-cert-v01@openssh.com and 2) not list all openssh.com variants first but primarily order by algorithm? | Shouldn't HostKeyAlgorithms 1) have ecdsa-sha2-nistp256-cert-v01@openssh.com after ecdsa-sha2-nistp384-cert-v01@openssh.com and 2) not list all openssh.com variants first but primarily order by algorithm? | ||
| Line 7: | Line 9: | ||
-[[User:JanZerebecki|JanZerebecki]] ([[User talk:JanZerebecki|talk]]) 10:28, 2 March 2015 (PST) | -[[User:JanZerebecki|JanZerebecki]] ([[User talk:JanZerebecki|talk]]) 10:28, 2 March 2015 (PST) | ||
=== Reply from kang === | |||
1) Fixed, thanks! | |||
2) There's an argument to be add for cert keys vs no cert keys. I linked the [http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.9&content-type=text/plain doc] and we currently prefer cert keys, even thus the negociated algorithm may be weaker (eg ecdsa sha2 nistp256 with cert keys prefered to ecdsa sha nistp521 without cert). | |||