3 comments

  • Panino4 hours ago
    Among other changes 10.4 adds post-quantum keys (composite ML-DSA 44 and Ed25519), not enabled by default.<p>When pq key agreement was added in 2019, it took almost 3 years for it to become enabled by default. This isn&#x27;t criticism, just an observation. I don&#x27;t have a pressing need for pq sigs. Always happy for new OpenSSH releases though!
    • throw0101a2 hours ago
      &gt; <i>Among other changes 10.4 adds post-quantum keys (composite ML-DSA 44 and Ed25519), not enabled by default.</i><p>The draft was only published a few months ago:<p>* <a href="https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;draft-miller-sshm-mldsa44-ed25519-composite-sigs&#x2F;" rel="nofollow">https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;draft-miller-sshm-mldsa44-e...</a><p>The draft is a &#x27;personal document&#x27;, so not associated with the IETF&#x2F;WG.
  • throw0101a4 hours ago
    HTML version of release notes:<p>* <a href="https:&#x2F;&#x2F;www.openssh.org&#x2F;releasenotes.html#10.4" rel="nofollow">https:&#x2F;&#x2F;www.openssh.org&#x2F;releasenotes.html#10.4</a>
    • atonse2 hours ago
      Still looks like ascii, doesn’t automatically wrap, nor is it responsive.<p>Anyone know if these projects accept PRs to improve these kinds of things, like legibility? Or is it a point of pride?
      • liuchao-0012 minutes ago
        It is vintage style. I actually love it a lot.
      • ninjin17 minutes ago
        Well, you can have a look at the commit history to see what changes have been accepted in the past:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;openbsd&#x2F;www&#x2F;commits&#x2F;master" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;openbsd&#x2F;www&#x2F;commits&#x2F;master</a><p>My experience is that minor improvements tend to get accepted if they come with a solid technical motivation. If the change is simply justified by &quot;best practices&quot; and is rather large, then the conservative choice of just leaving things as they are usually prevail.<p>For example, I think I have seen two proposals for major overhauls of the OpenBSD.org homepage by &quot;outsiders&quot; over the last three years or so and they were both rejected. However, as you can see by the commit log, minor improvements (including presentation ones) happen all the time.
      • rovr1381 hour ago
        <a href="https:&#x2F;&#x2F;www.openssh.org&#x2F;releasenotes.html#10.4" rel="nofollow">https:&#x2F;&#x2F;www.openssh.org&#x2F;releasenotes.html#10.4</a><p><pre><code> &lt;!-- DO NOT EDIT MANUALLY! This is generated from: www&#x2F;build&#x2F;openssh&#x2F;releasenotes.html.head www&#x2F;build&#x2F;openssh&#x2F;releasenotes.html.tail See comments in www&#x2F;build&#x2F;openssh&#x2F;Makefile for details. --&gt;</code></pre>
  • lousken3 hours ago
    Is hmac-sha1 and umac-64 still enabled by default?
    • throw0101a2 hours ago
      Yes:<p>* <a href="https:&#x2F;&#x2F;man.openbsd.org&#x2F;ssh_config.5#MACs" rel="nofollow">https:&#x2F;&#x2F;man.openbsd.org&#x2F;ssh_config.5#MACs</a><p>* <a href="https:&#x2F;&#x2F;man.openbsd.org&#x2F;sshd_config.5#MACs" rel="nofollow">https:&#x2F;&#x2F;man.openbsd.org&#x2F;sshd_config.5#MACs</a><p>ETM, encrypt-than-mac, variants are at the front of the preference list.<p>* <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;UMAC_(cryptography)" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;UMAC_(cryptography)</a>