Re: Removing DSS and other unreasonable algorithms (Was: Missing signed-off for pkg chacha20 patches)

[Tilo Eckert <tilo.eckert@xxxxxxx>]

Am 20.06.2018 um 15:12 schrieb Andreas Schneider:
> On Tuesday, 19 June 2018 16:35:49 CEST Jakub Jelen wrote:
>> On Thu, 2018-06-14 at 16:03 +0200, Andreas Schneider wrote:
>>> [...]
>>>
>>> Looks like openssh removed support for ssh-dss. At least my openssh
>>> 7.7
>>> doesn't know about it at all.
>>
>> The OpenSSH 7.7p1 still has the support for ssh-dss keys, but they are
>> disabled by default for any use, unless you enable them using
>> PubkeyAcceptedKeyTypes and friend configuration options. The reason why
>> it is still there is probably because the DSA keys are mandatory part
>> (REQUIRED) of RFC4253 (Section 6.6).
>>
>>> I would remove it from libssh after the release of 0.8 together with
>>> SSHv1
>>> support.
>>>
>>> I think we can remove it from pkd already? Comments?
>>
>> Removing the ancient SSHv1, blowfish and other unreasonable algorithms
>> makes sense for me.
> 
> SSHv1 will be removed, the algorithms will not be compiled in by default but 
> still available.
> 
> This should not affect connecting to RHEL5 as it support and uses rsa keys by 
> default.
> 
> 
> 	Andreas
> 

If we are already tidying up:

I suggest to also deprecate the insecure diffie-hellman-group1-sha1 kex
algorithm [1] which is currently compiled in by default.

Instead, maybe we should add curve25519-sha256 as an alias to the
curve25519-sha256@xxxxxxxxxx kex as Aris' proposal is in the IETF
standardization process [2] and OpenSSH has already adopted it in
September 2016.

[1] https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-10.html
[2] https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-07.html

Regards
Tilo