[08:50] <gevreeen> could we use ed25519 keys now on launchpad?
[08:54] <gevreeen> (and staging?)
[09:08] <gevreeen> also, does launchpad plans to offer ed25519 host keys, sarnold?
[09:08] <gevreeen> to be added here > https://help.launchpad.net/SSHFingerprints only rsa shown
[10:55] <cjwatson> gevreeen: sarnold isn't on the Launchpad team.  Yes, you can use Ed25519 keys.  No immediate plans to offer Ed25519 host keys - that's relatively minor by comparison with sorting out user keys
[10:56] <cjwatson> And RSA isn't broken if you're using it with SHA-2 signatures, so it isn't a pressing security concern
[10:57] <cjwatson> (don't get me wrong, sarnold is very helpful, it's just not fair to ask him about plans that he can't really be in a position to know)
[11:29] <gevreeen> ah, it was him last time who promised oncoming ed25519 support while denying such to ed448. sorry for bothering both of you on the matter
[12:19] <cjwatson> I think he was just relaying stuff I'd said
[12:20] <cjwatson> I don't mind being bothered about it, just wanted to make sure you were bothering the right person :)
[15:16] <gevreeen> cjwatson: I just took a look at the section of windows registry documenting my putty config, which essentially gives KEX as "ecdh,rsa,WARN,dh-gex-sha1,dh-group14-sha1,dh-group1-sha1"
[15:17] <gevreeen> maybe I should talk to putty devs instead, but offering ed25519 (or perhaps ed448/nistp521) as a side option does help (gitlab and github already offers ed25519 hostkey)
[16:14] <tomreyn> "WARN" is an interesting key exchange algorithm. :)
[16:14] <gevreeen> tomreyn: anything to the right of WARN will generate a warning dialog in putty
[16:15] <gevreeen> dare not remove then for fear of breaking the program
[16:15] <tomreyn> i see, didn't know how putty works there.
[16:15] <gevreeen> s/then/them/
[16:39] <tomreyn> I could agree that it's a bit of a problem that the only supported host keys on git.launchpad.net provide less than 128 bits of security.
[16:40] <tomreyn> using a >= 3072-bit modulus would help there
[16:40] <tomreyn> other than that, rsa is still fine.
[16:42] <tomreyn> (though it's usually good to support more than a single non-weak host key type, kex algorithm, cipher and mac)