Filippo Valsorda
Filippo Valsorda
https://golang.org/cl/327811 has the pre-announcement, moving to Go 1.18 for implementation.
@andig this kind of change is a balancing act. You're right that a big part is what other important players in the ecosystem are doing. Regrettably, OpenSSL CLIs move too...
> If crypto/x509 aims to be compatible with the WebPKI, then I'm afraid this change has to be rolled back or limited to just certificate signatures. You are, as always,...
The removal of the `x509sha1=1` GODEBUG switch has been moved back. SHA-1 certificates are not secure, and applications still relying on them should migrate ASAP and not rely on the...
/cc @thanm @cherrymui
Almost but not quite, we should also implement server-sig-algs on the server side before we can claim we're done. Then we can open follow-up issues for adding OpenSSH recorded tests,...
@cipherboy What you describe is tracked by #36261, and would be resolved by #52132. By the way, "CertAlgoRSASHA256v01 and CertAlgoRSASHA512v01 can't appear as a Certificate.Type (or PublicKey.Type)" doesn't mean they...
Ah, I was [hoping](https://words.filippo.io/dispatches/go1-20/) to do a round of x/crypto/ssh work once the stdlib freeze started, but losing compatibility with a widespread client would make this urgent. I'll look into...
Please test https://go.dev/cl/447757, which is a simplified version of golang/crypto#211. I also filed #56561 to track the changes necessary to make it possible to turn off `ssh-rsa`.
I am strongly in favor of using modules for vendoring in the standard library, instead of ad-hoc copies, but I don't see the reason to let applications override standard library...