I'd be fine with keeping that one in addition. But I would also like to add that these upstream changes (i.e. removing the 1Ki groups) is IMHO not enough action. Looking at the summaries at http://www.keylength.com/, basically all experts seem to agree that the next few group sizes above 1024 we're using are still weak and/or only for short or at best medium time ranges. E.g. ECRYPT II suggest that even 2048 isn't good enough for more than something between legacy and medium-term. Even if upstream is taking a nap here and doesn't react appropriately, then at least Debian should and remove all these groups. I doubt that it would have a noticeable effect on any parties (expect from being secure again) as the client's simply accept what the server gives them (well in a 1024<n<.... range). And if someone would really need those weak groups (for whatever weird reason), he can very easily create them himself (or Debian could provide the old file in a example dir). Right now however, we deliver a SSH which one cannot consider secure when DH is used, which IMHO is unacceptable, regardless of what one may think about compatibility. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature