draft-ietf-curdle-rsa-sha2-00.txt | draft-ietf-curdle-rsa-sha2-01.txt | |||
---|---|---|---|---|
Internet-Draft D. Bider | Internet-Draft D. Bider | |||
Updates: 4252, 4253 (if approved) Bitvise Limited | Updates: 4252, 4253 (if approved) Bitvise Limited | |||
Intended status: Standards Track March 10, 2016 | Intended status: Standards Track August 1, 2016 | |||
Expires: September 10, 2016 | Expires: February 1, 2017 | |||
Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) | Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) | |||
draft-ietf-curdle-rsa-sha2-00.txt | draft-ietf-curdle-rsa-sha2-01.txt | |||
Abstract | Abstract | |||
This memo defines an algorithm name, public key format, and signature | This memo defines an algorithm name, public key format, and signature | |||
format for use of RSA keys with SHA-2 512 for server and client | format for use of RSA keys with SHA-2 512 for server and client | |||
authentication in SSH connections. | authentication in SSH connections. | |||
Status | Status | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
or to cite them other than as "work in progress." | or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/1id-abstracts.html | http://www.ietf.org/1id-abstracts.html | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
Copyright | Copyright | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
skipping to change at page 3, line 37 ¶ | skipping to change at page 3, line 37 ¶ | |||
or "rsa-sha2-512". | or "rsa-sha2-512". | |||
2.2. Use for client authentication | 2.2. Use for client authentication | |||
To use this algorithm for client authentication, the SSH client sends | To use this algorithm for client authentication, the SSH client sends | |||
an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey" | an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey" | |||
method, and encoding the string field "public key algorithm name" with | method, and encoding the string field "public key algorithm name" with | |||
the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob" | the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob" | |||
field encodes the RSA public key using the "ssh-rsa" algorithm name. | field encodes the RSA public key using the "ssh-rsa" algorithm name. | |||
The signature field, if present, encodes a signature using an | The signature field, if present, encodes a signature using an | |||
algorithm name that matches the SSH authentication request - either | algorithm name that MUST match the SSH authentication request - either | |||
"rsa-sha2-256", or "rsa-sha2-512". | "rsa-sha2-256", or "rsa-sha2-512". | |||
For example, an SSH "publickey" authentication request using an | ||||
"rsa-sha2-512" signature would be properly encoded as follows: | ||||
byte      SSH_MSG_USERAUTH_REQUEST | ||||
string    user name | ||||
string    service name | ||||
string    "publickey" | ||||
boolean   TRUE | ||||
string    "rsa-sha2-512" | ||||
string    public key blob: | ||||
    string    "ssh-rsa" | ||||
    mpint     e | ||||
    mpint     n | ||||
string    signature: | ||||
    string    "rsa-sha2-512" | ||||
    string    rsa_signature_blob | ||||
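The request layout above, as an added example that is not part of the draft or of any implementation it cites: a client builds and signs the section 2.2 message with "rsa-sha2-512" (or "rsa-sha2-256"), and a server parses it, enforces that the signature's algorithm name matches the request's (the MUST in -01), that the public key blob uses the "ssh-rsa" format, and that the RSA value is in range, before checking the RSASSA-PKCS1-v1_5 signature over the session identifier plus the request fields (the RFC 4252 section 7 layout). The RSA routines, the key generator, the session identifier, the user name "alice" and the service name are constructed for this example; the RSA part is a toy pure-Python implementation and must not be used for real keys.

```python
# Added example, not the draft's code; the RSA below is a toy, for illustration only.
import hashlib, math, random, struct

SSH_MSG_USERAUTH_REQUEST = 50  # RFC 4250
DIGEST_INFO = {  # hash and DigestInfo prefix per name (RFC 3447 section 9.2, note 1)
    "rsa-sha2-256": (hashlib.sha256, bytes.fromhex("3031300d060960864801650304020105000420")),
    "rsa-sha2-512": (hashlib.sha512, bytes.fromhex("3051300d060960864801650304020305000440")),
}

def ssh_string(b):  # SSH wire types, RFC 4251 section 5
    return struct.pack(">I", len(b)) + b

def ssh_mpint(x):
    b = x.to_bytes((x.bit_length() + 7) // 8, "big") if x else b""
    return ssh_string(b"\x00" + b if b and b[0] & 0x80 else b)  # keep the value positive

class Reader:  # bounds-checked cursor; raises ValueError on a truncated message
    def __init__(self, data): self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated message")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def string(self):
        return self.take(struct.unpack(">I", self.take(4))[0])

def is_probable_prime(n, rounds=32):  # Miller-Rabin; gen_key only passes odd n > 3
    r = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 = d * 2^r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True

def gen_key(bits=1024):  # returns (e, d, n); toy generator, never use it for real keys
    def prime():
        while True:
            c = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1  # full length, odd
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(65537, phi) == 1:
            return 65537, pow(65537, -1, phi), p * q

def emsa_pkcs1_v15(alg, msg, k):  # EMSA-PKCS1-v1_5 encoding, RFC 3447 section 9.2
    h, prefix = DIGEST_INFO[alg]
    t = prefix + h(msg).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too small for " + alg)
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def request_body(user, service, alg, e, n):  # section 2.2 fields before the signature
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)  # blob keeps "ssh-rsa"
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(service.encode()) + ssh_string(b"publickey") + b"\x01"
            + ssh_string(alg.encode()) + ssh_string(blob))

def sign_request(session_id, user, service, alg, e, d, n, sig_alg=None):
    """Client side; sig_alg only serves to mislabel the signature for a negative test."""
    sig_alg, body = sig_alg or alg, request_body(user, service, alg, e, n)
    k = (n.bit_length() + 7) // 8
    # RFC 4252 section 7: the signature covers the session id plus every field before it
    em = emsa_pkcs1_v15(sig_alg, ssh_string(session_id) + body, k)
    s = pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")
    return body + ssh_string(ssh_string(sig_alg.encode()) + ssh_string(s))

def verify_request(session_id, msg):
    """Server side: returns (ok, reason); name and format checks run before any RSA."""
    r = Reader(msg)
    if r.take(1) != bytes([SSH_MSG_USERAUTH_REQUEST]):
        return False, "not SSH_MSG_USERAUTH_REQUEST"
    _user, _service, method, flag = r.string(), r.string(), r.string(), r.take(1)
    if method != b"publickey" or flag != b"\x01":
        return False, "not a signed publickey request"
    alg, kr, sr = r.string().decode("ascii", "replace"), Reader(r.string()), Reader(r.string())
    if r.pos != len(msg) or alg not in DIGEST_INFO:
        return False, "trailing bytes or unsupported algorithm"
    if kr.string() != b"ssh-rsa":
        return False, "public key blob must use the ssh-rsa format"
    e, n = (int.from_bytes(kr.string(), "big") for _ in range(2))
    if sr.string().decode("ascii", "replace") != alg:  # the draft's MUST: names match
        return False, "signature algorithm does not match the request"
    s, k = int.from_bytes(sr.string(), "big"), (n.bit_length() + 7) // 8
    signed = ssh_string(session_id) + msg[:len(msg) - 4 - len(sr.data)]
    if s >= n or pow(s, e, n).to_bytes(k, "big") != emsa_pkcs1_v15(alg, signed, k):
        return False, "bad signature"
    return True, "ok"

if __name__ == "__main__":  # constructed sample input: fixed session id, user "alice"
    req = sign_request(bytes(range(32)), "alice", "ssh-connection", "rsa-sha2-512", *gen_key())
    print(verify_request(bytes(range(32)), req))
```

The server rejects a mismatched algorithm name, a non-"ssh-rsa" key blob, trailing bytes and an out-of-range signature value before doing any RSA arithmetic, so the cheap checks cannot be bypassed by a well-formed signature under the wrong name. The sig_alg parameter of sign_request exists only to produce such a mislabeled request for testing; a real client never sets it.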
3. Discovery of signature algorithms supported by servers | 3. Discovery of signature algorithms supported by servers | |||
Implementation experience has shown that there are servers which apply | Implementation experience has shown that there are servers which apply | |||
authentication penalties to clients attempting signature algorithms | authentication penalties to clients attempting signature algorithms | |||
which the SSH server does not support. | which the SSH server does not support. | |||
Servers that accept rsa-sha2-* signatures for client authentication | Servers that accept rsa-sha2-* signatures for client authentication | |||
SHOULD implement the extension negotiation mechanism defined in | SHOULD implement the extension negotiation mechanism defined in | |||
[SSH-EXT-INFO], including especially the "server-sig-algs" extension. | [SSH-EXT-INFO], including especially the "server-sig-algs" extension. | |||
skipping to change at page 5, line 28 ¶ | skipping to change at page 5, line 31 ¶ | |||
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | |||
Standards (PKCS) #1: RSA Cryptography Specifications | Standards (PKCS) #1: RSA Cryptography Specifications | |||
Version 2.1", RFC 3447, February 2003. | Version 2.1", RFC 3447, February 2003. | |||
[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
Authentication Protocol", RFC 4252, January 2006. | Authentication Protocol", RFC 4252, January 2006. | |||
[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
Transport Layer Protocol", RFC 4253, January 2006. | Transport Layer Protocol", RFC 4253, January 2006. | |||
6.2. Informative References | 7.2. Informative References | |||
[800-131A] National Institute of Standards and Technology (NIST), | [800-131A] National Institute of Standards and Technology (NIST), | |||
"Transitions: Recommendation for Transitioning the Use of | "Transitions: Recommendation for Transitioning the Use of | |||
Cryptographic Algorithms and Key Lengths", NIST Special | Cryptographic Algorithms and Key Lengths", NIST Special | |||
Publication 800-131A, January 2011, <http://csrc.nist.gov/ | Publication 800-131A, January 2011, <http://csrc.nist.gov/ | |||
publications/nistpubs/800-131A/sp800-131A.pdf>. | publications/nistpubs/800-131A/sp800-131A.pdf>. | |||
[RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
Protocol Assigned Numbers", RFC 4250, January 2006. | Protocol Assigned Numbers", RFC 4250, January 2006. | |||
End of changes. 6 change blocks. | ||||
6 lines changed or deleted | 23 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |