===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/64.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -c -r1.49 -r1.50
*** www/64.html	2018/10/14 15:53:25	1.49
--- www/64.html	2018/10/14 15:55:39	1.50
***************
*** 324,353 ****
      <ul>
      <li>New features:
        <ul>
!       <li>In most places in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
!          and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> where port
!          numbers are used, service names (from /etc/services) can now be used.
!       <li>The <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> IdentityAgent
!          configuration directive now accepts environment variable names. This
!          supports the use of multiple agent sockets without needing to use
!          fixed paths.
        <li>Support signalling sessions via the SSH protocol in
           <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>.
!       <li>"ssh -Q sig" can be used to list supported signature options.
!          Also "ssh -Q help" will show the full set of supported queries.
!       <li>The new CASignatureAlgorithms option in <a
!          href="http://man.openbsd.org/ssh.1">ssh(1)</a> and <a
!          href="http://man.openbsd.org/sshd.8">sshd(8)</a> controlls the allowed
!          signature formats for CAs to sign certificates with. For example, this
!          allows banning CAs that sign certificates using the RSA-SHA1 signature
!          algorithm.
!       <li>Key revocation lists (KRLs) can now contain keys specified by SHA256
!          hash. These lists are managed by <a
!          href="http://man.openbsd.org/ssh-keygen.8">ssh-keygen(8)</a>. In
           addition, KRLs can now be created from base64-encoded SHA256
!          fingerprints, i.e. from only the information contained in <a
!          href="http://man.openbsd.org/sshd.8">sshd(8)</a> authentication log
!          messages.
        </ul>
      </ul>
  <p>
--- 324,356 ----
      <ul>
      <li>New features:
        <ul>
!       <li>In most places
!          in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
!          and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> where
!          port numbers are used, service names (from /etc/services) can
!          now be used.
!       <li>The <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
!          IdentityAgent configuration directive now accepts environment
!          variable names. This supports the use of multiple agent
!          sockets without needing to use fixed paths.
        <li>Support signalling sessions via the SSH protocol in
           <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>.
!       <li>"ssh -Q sig" can be used to list supported signature
!          options.  Also "ssh -Q help" will show the full set of
!          supported queries.
!       <li>The new CASignatureAlgorithms option
!          in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a>
!          and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
!          controlls the allowed signature formats for CAs to sign
!          certificates with. For example, this allows banning CAs that
!          sign certificates using the RSA-SHA1 signature algorithm.
!       <li>Key revocation lists (KRLs) can now contain keys specified
!          by SHA256 hash. These lists are managed
!          by <a href="http://man.openbsd.org/ssh-keygen.8">ssh-keygen(8)</a>. In
           addition, KRLs can now be created from base64-encoded SHA256
!          fingerprints, i.e. from only the information contained
!          in <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>
!          authentication log messages.
        </ul>
      </ul>
  <p>