/srv/irclogs.ubuntu.com/2022/02/26/#launchpad.txt

=== lukedashjr is now known as luke-jr
[08:50] <gevreeen> could we use ed25519 keys now on launchpad?
[08:54] <gevreeen> (and staging?)
[09:08] <gevreeen> also, does launchpad plan to offer ed25519 host keys, sarnold?
[09:08] <gevreeen> to be added here > https://help.launchpad.net/SSHFingerprints only rsa shown
[10:55] <cjwatson> gevreeen: sarnold isn't on the Launchpad team.  Yes, you can use Ed25519 keys.  No immediate plans to offer Ed25519 host keys - that's relatively minor by comparison with sorting out user keys
[10:56] <cjwatson> And RSA isn't broken if you're using it with SHA-2 signatures, so it isn't a pressing security concern
[10:57] <cjwatson> (don't get me wrong, sarnold is very helpful, it's just not fair to ask him about plans that he can't really be in a position to know)
[11:29] <gevreeen> ah, it was him last time who promised oncoming ed25519 support while denying such to ed448. sorry for bothering both of you on the matter
[12:19] <cjwatson> I think he was just relaying stuff I'd said
[12:20] <cjwatson> I don't mind being bothered about it, just wanted to make sure you were bothering the right person :)
[15:16] <gevreeen> cjwatson: I just took a look at the section of windows registry documenting my putty config, which essentially gives KEX as "ecdh,rsa,WARN,dh-gex-sha1,dh-group14-sha1,dh-group1-sha1"
[15:17] <gevreeen> maybe I should talk to putty devs instead, but offering ed25519 (or perhaps ed448/nistp521) as a side option does help (gitlab and github already offer ed25519 hostkey)
[16:14] <tomreyn> "WARN" is an interesting key exchange algorithm. :)
[16:14] <gevreeen> tomreyn: anything to the right of WARN will generate a warning dialog in putty
[16:15] <gevreeen> dare not remove then for fear of breaking the program
[16:15] <tomreyn> i see, didn't know how putty works there.
[16:15] <gevreeen> s/then/them/
[16:39] <tomreyn> I could agree that it's a bit of a problem that the only supported host keys on git.launchpad.net provide less than 128 bits of security.
[16:40] <tomreyn> using a >= 3072-bit modulus would help there
[16:40] <tomreyn> other than that, rsa is still fine.
[16:42] <tomreyn> (though it's usually good to support more than a single non-weak host key type, kex algorithm, cipher and mac)
