--- 1/draft-ietf-curdle-rsa-sha2-00.txt 2016-08-01 16:16:52.841924305 -0700 +++ 2/draft-ietf-curdle-rsa-sha2-01.txt 2016-08-01 16:16:52.857924712 -0700 @@ -1,18 +1,18 @@ Internet-Draft D. Bider Updates: 4252, 4253 (if approved) Bitvise Limited -Intended status: Standards Track March 10, 2016 -Expires: September 10, 2016 +Intended status: Standards Track August 1, 2016 +Expires: February 1, 2017 Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) - draft-ietf-curdle-rsa-sha2-00.txt + draft-ietf-curdle-rsa-sha2-01.txt Abstract This memo defines an algorithm name, public key format, and signature format for use of RSA keys with SHA-2 512 for server and client authentication in SSH connections. Status This Internet-Draft is submitted in full conformance with the @@ -28,21 +28,21 @@ or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Copyright - Copyright (c) 2015 IETF Trust and the persons identified as the + Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -125,23 +125,40 @@ or "rsa-sha2-512". 2.2. Use for client authentication To use this algorithm for client authentication, the SSH client sends an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey" method, and encoding the string field "public key algorithm name" with the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob" field encodes the RSA public key using the "ssh-rsa" algorithm name. The signature field, if present, encodes a signature using an - algorithm name that matches the SSH authentication request - either + algorithm name that MUST match the SSH authentication request - either "rsa-sha2-256", or "rsa-sha2-512". + For example, an SSH "publickey" authentication request using an + "rsa-sha2-512" signature would be properly encoded as follows: + + byte SSH_MSG_USERAUTH_REQUEST + string user name + string service name + string "publickey" + boolean TRUE + string "rsa-sha2-512" + string public key blob: + string "ssh-rsa" + mpint e + mpint n + string signature: + string "rsa-sha2-512" + string rsa_signature_blob + 3. Discovery of signature algorithms supported by servers Implementation experience has shown that there are servers which apply authentication penalties to clients attempting signature algorithms which the SSH server does not support. Servers that accept rsa-sha2-* signatures for client authentication SHOULD implement the extension negotiation mechanism defined in [SSH-EXT-INFO], including especially the "server-sig-algs" extension. @@ -206,21 +223,21 @@ [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003. [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Authentication Protocol", RFC 4252, January 2006. [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Transport Layer Protocol", RFC 4253, January 2006. -6.2. Informative References +7.2. Informative References [800-131A] National Institute of Standards and Technology (NIST), "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths", NIST Special Publication 800-131A, January 2011, . [RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) Protocol Assigned Numbers", RFC 4250, January 2006.