Hello. Post-quantum cryptographic primitives sntrup761x25519-sha512@openssh.com and chacha20-poly1305@openssh.com were introduced in OpenSSH respectively in v. 8.5, as default in v. 9.0, and v. 6.5, promoted default cipher in v. 6.9. I mistaken by conceiving that the project has for policy to solely accept to integrate algorithm implementations which have been standardised either by a recognised national or internal standards entity. At this very time, it seems there is no such standard for NTRU. It's worth noting that NIST recently decided not to select NTRU for standardisation. It instead selected CRYSTALS-Kyber in this respect. What could have happened for it to be integrated in this project, when apparently nothing intended it for this destiny? Has it ever occurred to any of you developers that a such integration might be inappropriate? It's surprising to say the least. (*) https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf#page=47&zoom=100,120,546
chacha20-poly1305 isn't a PQ algorithm. It's an AEAD and is AFAIK out of scope for PQ work. We'll almost certainly support Kyber as a KEM once the dust settles from the standardisation process, but have no intention of removing support for the existing PQ KEM in the short-medium term.
Closing bugs from OpenSSH 9.1 release cycle