This link was posted by kieto 2 hours ago on HN. It received 140 points and 73 comments.
Establishing a new session with SSHv2 can take 5 to 7 network round-trip times, which can easily be noticed by the user. SSH3 only needs 3 round-trip times.
TIL one of QUIC's bigger selling points is reducing crypto negotiation roundtrips.
X.509 certificates: you can now use your classical HTTPS certificates to authenticate your SSH3 server. This mechanism is more secure than the classical SSHv2 host key mechanism. Certificates can be obtained easily using LetsEncrypt for instance.
This is really not a good idea, because it allows rogue/negligent Certificate Authorities to masquerade as your server. With SSHv2, nobody can masquerade as your server, unless they somehow steal your server's privkey.
The claim in the above quote (that SSHv2 is less secure) refers to the fact that you have to manually verify the server's pubkey/fingerprint, which a lot of people don't do. That isn't insecure; it's just inconvenient. SSH3's solution is more convenient and, in fact, less secure.
Fortunately, you don't have to use X.509 certificates in SSHv3, so this is only a security problem for people who don't understand TLS's PKI (which is a lot of people).
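The host key pinning discussed in the comment above, as an added example that is not part of the thread or of the SSH3 project: it computes the OpenSSH-style SHA256 fingerprint of an offered host key and accepts the key only if it equals a fingerprint obtained out of band. The key bytes and the names `make_pubkey_line` and `host_key_matches_pin` are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(raw32: bytes, comment: str = "constructed") -> str:
    """Build an ssh-ed25519 public key line from 32 raw bytes (sample data only)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """Return the fingerprint in the form `ssh-keygen -l` prints: SHA256:<base64, no padding>."""
    key_type, b64, *_ = pubkey_line.split()
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The type named on the line must match the type encoded inside the blob.
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type on the line does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches_pin(offered_line: str, pinned_fp: str) -> bool:
    """Accept the offered key only if its fingerprint equals the pinned one.

    No third party is consulted: a different key fails this check regardless
    of who vouches for it, which is the property the comment describes.
    """
    return hmac.compare_digest(fingerprint(offered_line), pinned_fp)


# Constructed sample keys (not real host keys).
LEGIT_KEY = make_pubkey_line(bytes(range(32)), "server.example")
OTHER_KEY = make_pubkey_line(bytes(range(32, 64)), "someone-else")
# Stands in for the fingerprint the administrator communicated out of band.
PINNED_FP = fingerprint(LEGIT_KEY)

if __name__ == "__main__":
    print(PINNED_FP)
    print("legit key accepted:", host_key_matches_pin(LEGIT_KEY, PINNED_FP))
    print("other key accepted:", host_key_matches_pin(OTHER_KEY, PINNED_FP))
```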