Date: Fri, 5 Aug 2016 09:48:02 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-current@freebsd.org Subject: Re: HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0 Message-ID: <688e5574-10e3-05a6-3346-6ad8150c998b@infracaninophile.co.uk> In-Reply-To: <20160805020950.GJ43509@FreeBSD.org> References: <20160805015918.GI43509@FreeBSD.org> <20160805020950.GJ43509@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --WKsnPtME8PjevS7v1cSVPoaNErM8fesnu Content-Type: multipart/mixed; boundary="I37ufUA64XKIENJMpQcNXMgkgjTioFc1f" From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-current@freebsd.org Message-ID: <688e5574-10e3-05a6-3346-6ad8150c998b@infracaninophile.co.uk> Subject: Re: HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0 References: <20160805015918.GI43509@FreeBSD.org> <20160805020950.GJ43509@FreeBSD.org> In-Reply-To: <20160805020950.GJ43509@FreeBSD.org> --I37ufUA64XKIENJMpQcNXMgkgjTioFc1f Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 08/05/16 03:09, Glen Barber wrote: > On Fri, Aug 05, 2016 at 01:59:18AM +0000, Glen Barber wrote: >> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSS= H, >> and will be deprecated effective 11.0-RELEASE (and preceeding RCs). >> >=20 > Stupid editor mistake. OpenSSH DSA keys are deprecated upstream. Sorr= y > for any confusion. >=20 >> Please see r303716 for details on the relevant commit, but upstream no= >> longer considers them secure. Please replace DSA keys with ECDSA or R= SA I believe ED25519 keys are also a preferred type. >> keys as soon as possible, otherwise there will be issues when upgradin= g >> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the >> 11.0-RELEASE build. >> >=20 > Glen > On behalf of: re@ and secteam@ >=20 Cheers, Matthew --I37ufUA64XKIENJMpQcNXMgkgjTioFc1f-- --WKsnPtME8PjevS7v1cSVPoaNErM8fesnu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXpFLJAAoJEABRPxDgqeTnJv4QAIWmYUtJnkQD9J94qqZqRlCq GQWKO2QmhSPej3NPwhmACY43CYXUSVTwbFEtMXkXyi/O89xHvV9l8o2R2SIB/dCe LNmXoH40syJUgl3TeCH5BFVtUZWYW0DSFsD8m8RBB7xVVPhwggsKRsgN5ragjYf3 Mfx8Cc2+8HCev+7jA/AAyR2NCpGmMEDuznYeCx+X/7lGTs45C0f8sqk3yQywYpfD BPkGGVi+9qBveDegLh7MXNzx9mKdFuaKFgAOIYdEjAmTbZmz0aRNyJBJJv4PfV69 /ZvgnmGYNp/iuL2Lo01IKcSwtM6TXh90+AnPLGEhQCcotU/83nJWUCcXieN0pxui 9ybm1wkrPq79RXtx97ZOwHEDqbBC87AAtsRNPh8w2/4Yioq1fpGKWhWpBZ3N6EJZ m0GjbewK4O/VD+fPNHhfQMiLyfUiYnKhDPgAtuUJo15uvReyssgO7tzcOG9kILDe vd/aoyUVT6apLf/eNkQRHUvVVGOS/e0IDSy3gz7V91xnqpNtF+zwpVIuVqeJfN7C RdbIGsOMjncBf5C8TjHIPBb8yEYbCWO6ChhKf9yejbupf3sPjLGyD938rFWAni46 fMDgUGxDI22TF19xw7K3XMNZQiMZ9okb5SsKvkoDT5k4J0kkPv1LOW+Y7shmvihy FG6bURPthmkfA5lx5ObH =iOmW -----END PGP SIGNATURE----- --WKsnPtME8PjevS7v1cSVPoaNErM8fesnu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?688e5574-10e3-05a6-3346-6ad8150c998b>