--- 1/draft-ietf-curdle-rsa-sha2-07.txt 2017-05-30 09:13:24.710869529 -0700 +++ 2/draft-ietf-curdle-rsa-sha2-08.txt 2017-05-30 09:13:24.734870097 -0700 @@ -1,18 +1,18 @@ Internet-Draft D. Bider Updates: 4252, 4253 (if approved) Bitvise Limited -Intended status: Standards Track May 4, 2017 -Expires: November 4, 2017 +Intended status: Standards Track May 30, 2017 +Expires: November 30, 2017 Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) - draft-ietf-curdle-rsa-sha2-07.txt + draft-ietf-curdle-rsa-sha2-08.txt Abstract This memo updates RFC 4252 and RFC 4253 to define new public key algorithms for use of RSA keys with SHA-2 hashing for server and client authentication in SSH connections. Status This Internet-Draft is submitted in full conformance with the 
@@ -58,28 +58,28 @@ Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. 1. Overview and Rationale Secure Shell (SSH) is a common protocol for secure communication on the Internet. In [RFC4253], SSH originally defined the public key algorithms "ssh-rsa" for server and client authentication using RSA - with SHA-1, and "ssh-dss" using 1024-bit DSA and SHA-1. - - A decade later, these algorithms are considered deficient. For US - government use, NIST has disallowed 1024-bit RSA and DSA, and use of - SHA-1 for signing [800-131A]. + with SHA-1, and "ssh-dss" using 1024-bit DSA and SHA-1. These + algorithms are now considered deficient. For US government use, NIST + has disallowed 1024-bit RSA and DSA, and use of SHA-1 for signing + [800-131A]. - This memo defines new public key algorithms allowing for interoperable - use of existing and new RSA keys with SHA-2 hashing. + This memo updates RFC 4252 and RFC 4253 to define new public key + algorithms allowing for interoperable use of existing and new RSA keys + with SHA-2 hashing. 1.1. Requirements Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Wire Encoding Terminology The wire encoding types in this document - "boolean", "byte", 
@@ -157,22 +157,23 @@ To use this algorithm for client authentication, the SSH client sends an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey" method, and encoding the string field "public key algorithm name" with the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob" field encodes the RSA public key using the "ssh-rsa" public key format. The signature field, if present, encodes a signature using an algorithm name that MUST match the SSH authentication request - either "rsa-sha2-256", or "rsa-sha2-512". - For example, an SSH "publickey" authentication request using an - "rsa-sha2-512" signature would be properly encoded as follows: + For example, as defined in [RFC4252] and [RFC4253], an SSH "publickey" + authentication request using an "rsa-sha2-512" signature would be + properly encoded as follows: byte SSH_MSG_USERAUTH_REQUEST string user name string service name string "publickey" boolean TRUE string "rsa-sha2-512" string public key blob: string "ssh-rsa" mpint e @@ -299,23 +300,23 @@ [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)", RFC 6979, August 2013. [RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and Rusch, A., "PKCS #1: RSA Cryptography Specifications Version 2.2", RFC 8017, November 2016. [EXT-INFO] Bider, D., "Extension Negotiation in Secure Shell (SSH)", - draft-ietf-curdle-ssh-ext-info-06.txt, May 2017, + draft-ietf-curdle-ssh-ext-info-08.txt, May 2017, . + draft-ietf-curdle-ssh-ext-info-08>. [IANA-PKA] "Secure Shell (SSH) Protocol Parameters", . Author's Address Denis Bider Bitvise Limited Suites 41/42, Victoria House
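Review bot: In the Overview hunk (@@ -58,28 +58,28 @@), the new sentence "These algorithms are now considered deficient" relies on a relative "now", which will age in a published document just as the removed "A decade later" did. It also does not say which deficiency applies to which algorithm. The paragraph describes "ssh-rsa" only as RSA with SHA-1 and "ssh-dss" as 1024-bit DSA with SHA-1, while the NIST sentence lists both key size and SHA-1 signing. Consider tying the statement to the cited reference and spelling out the split, for example that "ssh-rsa" is affected through its SHA-1 signature hash and "ssh-dss" through both its 1024-bit key size and SHA-1. That also makes it clearer why the memo keeps existing RSA keys and changes only the hash.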
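Review bot: In the client authentication hunk (@@ -157,22 +157,23 @@), the added phrase "as defined in [RFC4252] and [RFC4253]" can be read as saying those RFCs define the "rsa-sha2-512" request, although that algorithm name is introduced by this memo. Suggest attributing each part explicitly, for example "using the SSH_MSG_USERAUTH_REQUEST format of [RFC4252] and the "ssh-rsa" public key format of [RFC4253]". Because the example carries "rsa-sha2-512" as the algorithm name next to a key blob that begins with string "ssh-rsa", a short sentence after the example noting that this difference is intentional would help implementers who compare the two fields.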
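Review bot: In the references hunk (@@ -299,23 +300,23 @@), the [EXT-INFO] entry moves from draft-ietf-curdle-ssh-ext-info-06 to -08 but the date stays "May 2017". Please confirm that -08 carries that date, and that the section of [EXT-INFO] this memo relies on is unchanged across the two skipped revisions.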