djm's personal weblog
Tuesday, 17 February 2015
Hostkey rotation, redux
A couple of weeks ago I described the host key rotation support forthcoming in OpenSSH 6.8. Almost immediately after smugly declaring &quo...
Sunday, 1 February 2015
Key rotation in OpenSSH 6.8+
Update: Two things that I neglected to mention in the above: 1) host keys that are not offered as part of the server->client notificati...
Monday, 6 October 2014
Mandatory data retention in Australia
Once again their are proposals for mandatory retention of Australian Internet data to improve domestic surveillance. I think these are a t...
Tuesday, 14 January 2014
Hostname canonicalisation in OpenSSH
OpenSSH 6.5 will introduce some new options to allow the client to canonicalise unqualified domain names, allowing it (for example) to unde...
Tuesday, 10 December 2013
PGP keys rotated
I just (belatedly) rotated my PGP keys. The old ID was 86FF9C48 and the new 6D920D30 with a fingerprint of 59C2 118E D206 D927 E667 EBE3 D...
Friday, 29 November 2013
ChaCha20 and Poly1305 in OpenSSH
Recently, I committed support for a new authenticated encryption cipher for OpenSSH, firstname.lastname@example.org . This cipher combines t...
View web version