Panos K.

"Temporary permanent" sounds like an oxymoron indeed, but it is basically what [draft-tls-westerbaan-xyber768d00](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00) and [draft-kwiatkowski-tls-ecdhe-kyber](https://datatracker.ietf.org/doc/html/draft-kwiatkowski-tls-ecdhe-kyber) did for TLS 1.3. They provided an IANA registry codepoint we can all use. So...

An update on the plan: ```draft-yee-ssh-iana-requirements``` is not ratified yet. We can't get an IANA codepoint until it is an RFC. Given that time is passing and we will have...

> In the long run we do want to see the standardized algorithms adopted in base OpenSSH, so we wouldn't fit that need once they've done so. There could be...

Could this be because the second argument in ```s2nd``` overrides the RSA passed first?

@grindsa this is fixed now. Try it out. Thank you for bringing it up. We forgot to renew it again. It does not matter but I am curious. How are...

Thanks for the details @grindsa . Understood. > One other small remark: I see that the certificate has a `CN=testrfc7030.com` but is missing an SubjectAltName for `testrfc7030.com`. This will sooner...

> BTW: if you are replacing the certificate an you please also sign it with ecdsa-with-sha256 instead of ecdsa-with-sha1. This will stop clients complaining about weak signature digest algorithm. >...

@lijintv07 , the short answer is no. We had done some prototype work to abstract out the underlying crypto library so people can use others, but this never got integrated...

@lijintv07 this is a significant amount of work. We did some prototyping to see how much it would take, but we have no plans to add support in the future....

Thanks for this @sumantgupta1984 . We have added OpenSSL 1.1.1 support and we will include it in the upcoming release of libest in a month or so.