
RFC 8332: Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell Protocol - throw0101a
https://tools.ietf.org/html/rfc8332
======
throw0101a
Section 1 (emph. added):

> _This memo updates RFCs 4252 and 4253 to define new public key algorithms
> allowing for interoperable_ use of existing _and new RSA keys with SHA-256
> and SHA-512._

Then further in Section 3:

> _These_ [new] _algorithms are suitable for use both in the SSH transport
> layer [RFC4253] for server authentication and in the authentication layer
> [RFC4252] for client authentication._

Specifically:

> _Since RSA keys are not dependent on the choice of hash function, the new
> public key algorithms reuse the "ssh-rsa" public key format as defined in
> [RFC4253] […]. All aspects of the "ssh-rsa" format are kept, including the
> encoded string "ssh-rsa". This allows existing RSA keys to be used with the
> new public key algorithms,_ without requiring re-encoding or affecting
> _already trusted key fingerprints._

So this change is about the over-the-wire protocol and verifying identities,
and not about the on-the-disk format of keys.

