Comment 54 for bug 907675

Colin Watson (cjwatson) wrote :

It's been a while since my last status update, mainly because I got a bit stalled on sorting out mypy type-checking for the PyNaCl fallback code. I came back to it this weekend, solved the problem I'd been stuck on, and finally made some decent progress:

 * updated https://github.com/twisted/twisted/pull/1607 to address review comments, simplifying the fallback code a fair bit in the process
 * wrote a similar fallback for curve25519 key exchange, which might not be worth sending upstream since it's only needed for even older OpenSSL versions than the ones that need the Ed25519 fallback
 * attempted to upgrade our Twisted backport to 21.2.0 to simplify the patch stack, only to discover that that won't work on 16.04's Python 3.5 due to relying on enhancements to the typing module that were added in later 3.5 patch releases
 * resigned myself to backporting all this to Twisted 20.3.0, prepared a draft branch for that (also including https://github.com/twisted/twisted/pull/1692, for https://answers.launchpad.net/launchpad/+question/700482), and got its tests passing on 16.04
 * prepared a lazr.sshserver branch with minor changes needed for RSA SHA-2 signature support
 * prepared a Launchpad branch to add an Ed25519 key type and accept uploads of Ed25519 public keys
 * successfully authenticated against a local Bazaar codehosting service using an Ed25519 key

With the exception of the mentioned Twisted pull requests, this is all just on my laptop so far, and it needs a bit more tidying up before I send it for review and start trying to get things landed. All the same, this is finally looking quite plausible, and we should be able to get it onto production soon.