Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: src/etc/rc.d



Module Name:    src
Committed By:   riastradh
Date:           Sat May 26 19:18:11 UTC 2018

Modified Files:
        src/etc/rc.d: sshd

Log Message:
Revert previous: Don't generate XMSS host keys for sshd by default.

XMSS is a stateful post-quantum signature scheme.

- Post-quantum security for _online_ authentication is not important
  until quantum computers become practical; there's no danger of
  retroactive forgery in sessions that have already completed.

- As a stateful signature schemes, XMSS is qualitatively different
  from all the other ones sshd supports, requiring additional
  administrative care: roll back the state (e.g., from a disk backup
  or VM snapshot), and you've shot yourself in the foot.

If users want XMSS keys, they can make them explicitly, but there's
no need for this to be enabled by default.

Discussed with christos offline.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/etc/rc.d/sshd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index