"using small 512-bit CA key modulus" misleading

Open philfry opened this issue 6 months ago • 0 comments

Hi,

I'm running an SSH-CA with ECDSA to sign my host keys (in this example an ed25519 host key). ssh-audit complains about

```
(key) [email protected] (256-bit cert/512-bit ecdsa-sha2-nistp256 CA) -- [fail] using small 512-bit CA key modulus
(rec) [email protected] -- key algorithm to remove
```

Since ECDSA does not have a modulus, the failure is misleading. The check should either apply only to RSA CAs or be adapted to support elliptic curve CA key sizes.

Thanks!

philfry, Jan 03 '24 10:01
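A type-aware CA key size check of the kind the issue asks for, as an added example that is not part of the issue and is not ssh-audit's code. The function names and the minimum sizes are assumptions, and the key blobs are constructed sample data.

```python
import struct

# Assumed minimums for this example (not taken from ssh-audit): RSA modulus bits
# and elliptic-curve field bits are different scales and need separate thresholds.
MIN_RSA_BITS = 3072
MIN_EC_BITS = 256
EC_CURVE_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}


def read_string(blob, off):
    """Read one RFC 4251 'string' (uint32 length + bytes); return (data, new offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated string")
    return blob[off + 4:off + 4 + n], off + 4 + n


def describe_ca_key(blob):
    """Return (key_type, bits, unit, ok) for an SSH public key blob."""
    ktype, off = read_string(blob, 0)
    ktype = ktype.decode("ascii")
    if ktype == "ssh-rsa":
        _e, off = read_string(blob, off)
        n, off = read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()  # ignores mpint sign padding
        return ktype, bits, "modulus", bits >= MIN_RSA_BITS
    if ktype.startswith("ecdsa-sha2-"):
        curve, off = read_string(blob, off)
        bits = EC_CURVE_BITS[curve.decode("ascii")]  # size comes from the curve name
        return ktype, bits, "curve", bits >= MIN_EC_BITS
    if ktype == "ssh-ed25519":
        return ktype, 256, "curve", True
    raise ValueError("unsupported key type: " + ktype)


def ssh_string(b):
    return struct.pack(">I", len(b)) + b


# Constructed sample blobs (not real keys). The EC point is 0x04 + X + Y: 64 bytes
# of coordinates on a 256-bit curve. The RSA modulus is a genuine 512-bit value.
ECDSA_CA = ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256") + ssh_string(b"\x04" + b"\x11" * 64)
RSA_CA = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 64)

if __name__ == "__main__":
    for blob in (ECDSA_CA, RSA_CA):
        print(describe_ca_key(blob))
```
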