From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4
Received: (qmail 9037 invoked from network); 26 Nov 2023 14:49:09 -0000
Received: from 9front.inri.net (168.235.81.73)
  by inbox.vuxu.org with ESMTPUTF8; 26 Nov 2023 14:49:09 -0000
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]) by 9front; Sun Nov 26 09:46:22 -0500 2023
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailout.west.internal (Postfix) with ESMTP id 969F53200A42
	for <9front@9front.org>; Sun, 26 Nov 2023 09:46:19 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
  by compute1.internal (MEProxy); Sun, 26 Nov 2023 09:46:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bolddaemon.com;
	 h=cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to; s=fm1; t=
	1701009979; x=1701096379; bh=INtzWo3Yr6Xl57kvtsELRsXQe4eapn6tFnz
	dRJH+aRQ=; b=mBmkw0OLyySaa/PZtLLiFlD92FWJmm1MsUupmChouYmEqqOptMN
	aOxRzodN0NDYXkN7NTqbGbLabCos4UBlTeXUgejNb+I97/2fSUoPfCqtD2k4H5Um
	wEim2hb1Kq+bNCvkMyAdvXaCBbJK43opNnKSb01NBFbdjNp/RsaM+G9Sj5xGRFbp
	BxmyAsz85CHbe/9IhZC/QNW3Pbfuv5Ru1c09p8/HZQQt/d+qKW8CYOKDsdP+I28+
	5xN6wtTf8Ic8fmeNYQotYqOYz0bnuBXeyNNeAu7XobjzHTa/03ukCnMnwSJTMmAo
	XRCIyYfCa4uTs/xuA3RqSAtcaInJIS6nGbg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701009979; x=
	1701096379; bh=INtzWo3Yr6Xl57kvtsELRsXQe4eapn6tFnzdRJH+aRQ=; b=S
	2DXg0WtLUC31hdjIVKKugZUfeTj5hJXmzQSlGz5Wft5w2EH+rAIVqaKJGf1CQzwh
	1seHKe7VeuFr5VTjd9EQrnHDaxpN3Tp2uUwM+1xWo+BQZdV0wH+LTE56yMiZT+mM
	MewjhpxylTmheuaQnmaQlZ4uCjv37jqdODOFP4//q5gjtXgPB9j6Lr8WDwvRp4nS
	NtPmePp+0P6D6g5TABqRSTKZJO/bRU0EHhtFkcPJdap8P/vYkYaZ+bbzX0eHqqHK
	+/3rzqdxAFa50mlR41mlRQJaUrrzVf61uaa7kZGoocfs87bwAzFkhtUVew9yoJm0
	uKY6IZ5GmTsKs7Atc/sow==
X-ME-Sender: <xms:OlpjZYuupTstnu-RhTQvqemKoo8a_zf9C8WQh4jKGasP4sDghLBHbg>
    <xme:OlpjZVdPdvpepLKus7IC69zF5J0nMoCx13zQjS4VNuEmErvoVXbZteYP-vPQ2ZI9z
    b9rLiDb9p8o_YE5dg>
X-ME-Received: <xmr:OlpjZTxKPH3kHITXUs1Fvxea8BqVsLnPBxWUxMiO7Msz5RCBKMVCNU4_h8v2BTI1UQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudehledgjeduucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtje
    ertddtvdejnecuhfhrohhmpeetrghrohhnuceuihgvsggvrhcuoegrrghrohhnsegsohhl
    uggurggvmhhonhdrtghomheqnecuggftrfgrthhtvghrnhepieejfeevtedtjeduvdduud
    eigfelkeekkeeuleelvdfhjefhvdekkeehleeiveeinecuffhomhgrihhnpehophgvnhgs
    shgurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh
    homheprggrrhhonhessgholhguuggrvghmohhnrdgtohhm
X-ME-Proxy: <xmx:OlpjZbPvkDkdyREr0GTlVwbZHg-8BUkpzKfY_LsQ9ggkvuFV_qSE5Q>
    <xmx:OlpjZY-lWCln4k4EUMuLNIrx_NJQBZSxtcJozSr_n8BRHsOYDfxMnA>
    <xmx:OlpjZTWUN2L07GZoo_NI5ihNdqWpCYB3K7nCLGrZ9HG1FrgZBl7owg>
    <xmx:O1pjZRJ23rSJ4A5eTn8IjamvkUErL2RPv_uRBpP2sS5owU3BisnE_Q>
Feedback-ID: i545840d3:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <9front@9front.org>; Sun, 26 Nov 2023 09:46:18 -0500 (EST)
Message-ID: <fd0cf878-4ca2-454a-bd93-b4236f09e598@bolddaemon.com>
Date: Sun, 26 Nov 2023 07:46:16 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: 9front@9front.org
References: <24C7BEB91790A8E82022C1B2163DD4D6@felloff.net>
From: Aaron Bieber <aaron@bolddaemon.com>
In-Reply-To: <24C7BEB91790A8E82022C1B2163DD4D6@felloff.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: virtual compliant WEB2.0 over WEB2.0 rich-client component-oriented controller 
Subject: Re: [9front] auth/rsagen: bump bits to 4096
Reply-To: 9front@9front.org
Precedence: bulk

On 11/26/23 05:48, cinap_lenrek@felloff.net wrote:
> whats your justification?

OpenSSH has defaulted to 3072 since 2019[1]. OpenSSH has also moved away 
from RSA[2].

My reasoning is basically since we don't have alternative key types 
(ed25519, ecdsa) for
general usage / ssh, bump the default to the highest available.

[1] 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?rev=1.328&content-type=text/x-cvsweb-markup
[2] 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?rev=1.273&content-type=text/x-cvsweb-markup
>
> --
> cinap