Stuart Henderson <stu@xxxxxxxxxxxxxxx> wrote: > On 2025/08/12 09:42, Damien Miller wrote: > > We have backported the new name to past OpenSSH versions to make it > > as easy as possible for downstream maintainers, especially though who > > maintain LTS OS distributions to include it in their releases. > > > > Supporting both names will maximise the universe of software that will > > automatically use a post-quantum safe key agreement scheme. We believe > > this is an important step to reduce the risk of "store now, decrypt > > later" attacks. > > > > If you are a maintainer for OpenSSH in a LTS operating system, please > > consider including this change, cherrypicked from the relevant branch > > for the OpenSSH release you ship (e.g. from the V_9_0 branch for > > OpenSSH 9.0). Please let me know if there is anything I can do to > > assist. > > Passing on a message from chatting with someone about this change - > apparently there are older Fedora/RHEL boxes which do have openssh 9.x > but don't have mlkem768x25519-sha256 enabled in default crypto-policies. > Not sure if that would be in scope for a change at this point but maybe > worth relevant maintainer/s considering if possible. Yes, this is known. Redhat has some pretty agressive policies forcing older crypto at their varied userbase, and ship with massive downstream changes to OpenSSH. Thus far our arguments for progress have fallen on deaf ears, so users need to make manual changes or they remain on non-PQ algorithms. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
