Among other changes 10.4 adds post-quantum keys (composite ML-DSA 44 and Ed25519), not enabled by default.
When pq key agreement was added in 2019, it took almost 3 years for it to become enabled by default. This isn't criticism, just an observation. I don't have a pressing need for pq sigs. Always happy for new OpenSSH releases though!
<!--
DO NOT EDIT MANUALLY! This is generated from:
www/build/openssh/releasenotes.html.head
www/build/openssh/releasenotes.html.tail
See comments in www/build/openssh/Makefile for details.
-->
When pq key agreement was added in 2019, it took almost 3 years for it to become enabled by default. This isn't criticism, just an observation. I don't have a pressing need for pq sigs. Always happy for new OpenSSH releases though!
The draft was only published a few months ago:
* https://datatracker.ietf.org/doc/draft-miller-sshm-mldsa44-e...
The draft is a 'personal document', so not associated with the IETF/WG.
* https://www.openssh.org/releasenotes.html#10.4
Anyone know if these projects accept PRs to improve these kinds of things, like legibility? Or is it a point of pride?
* https://man.openbsd.org/ssh_config.5#MACs
* https://man.openbsd.org/sshd_config.5#MACs
ETM, encrypt-than-mac, variants are at the front of the preference list.
* https://en.wikipedia.org/wiki/UMAC_(cryptography)