Hi, I have just made a series of commits to the stable branches of portable OpenSSH versions 8.9 through 9.8 to enable the "sntrup761x25519-sha512" key agreement algorithm. This algorithm is the IANA-allocated name for the existing post-quantum algorithm "sntrup761x25519-sha512@xxxxxxxxxxx". Apart from the name, "sntrup761x25519-sha512" is completely identical and it was only a trivial change to enable the new standard name as an additional alias. This key exchange algorithm is widely deployed under the exiting "@openssh.com" vendor extension name, but is in the final stages of standarisation[1] by the IETF under the new IANA-allocated name. We have backported the new name to past OpenSSH versions to make it as easy as possible for downstream maintainers, especially though who maintain LTS OS distributions to include it in their releases. Supporting both names will maximise the universe of software that will automatically use a post-quantum safe key agreement scheme. We believe this is an important step to reduce the risk of "store now, decrypt later" attacks. If you are a maintainer for OpenSSH in a LTS operating system, please consider including this change, cherrypicked from the relevant branch for the OpenSSH release you ship (e.g. from the V_9_0 branch for OpenSSH 9.0). Please let me know if there is anything I can do to assist. For more information on OpenSSH's integration of post-quantum cryptography, please take a look at http://openssh.com/pq.html -d [1] https://datatracker.ietf.org/doc/draft-josefsson-ntruprime-ssh/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
