--- 1/draft-ietf-curdle-rsa-sha2-10.txt 2017-10-10 05:21:28.742281956 -0700 +++ 2/draft-ietf-curdle-rsa-sha2-11.txt 2017-10-10 05:21:28.766282525 -0700 @@ -1,18 +1,18 @@ Internet-Draft D. Bider Updates: 4252, 4253 (if approved) Bitvise Limited -Intended status: Standards Track August 22, 2017 -Expires: February 22, 2018 +Intended status: Standards Track October 6, 2017 +Expires: April 6, 2018 Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) - draft-ietf-curdle-rsa-sha2-10.txt + draft-ietf-curdle-rsa-sha2-11.txt Abstract This memo updates RFC 4252 and RFC 4253 to define new public key algorithms for use of RSA keys with SHA-2 hashing for server and client authentication in SSH connections. Status This Internet-Draft is submitted in full conformance with the 
@@ -215,24 +215,24 @@ rsa-sha2-256 ssh-rsa [this document] Section 3 rsa-sha2-512 ssh-rsa [this document] Section 3 5. Security Considerations The security considerations of [RFC4251] apply to this document. 5.1. Key Size and Signature Hash The National Institute of Standards and Technology (NIST) Special - Publication 800-131A [800-131A] disallows the use of RSA and DSA keys - shorter than 2048 bits for US government use after 2013. The same - document disallows the SHA-1 hash function, as used in the "ssh-rsa" - and "ssh-dss" algorithms, for digital signature generation after 2013. + Publication 800-131A, Revision 1 [800-131A], disallows the use of RSA + and DSA keys shorter than 2048 bits for US government use. The same + document disallows the SHA-1 hash function for digital signature + generation, except under NIST's protocol-specific guidance. 5.2. Transition This document is based on the premise that RSA is used in environments where a gradual, compatible transition to improved algorithms will be better received than one that is abrupt and incompatible. It advises that SSH implementations add support for new RSA public key algorithms along with SSH_MSG_EXT_INFO and the "server-sig-algs" extension to allow coexistence of new deployments with older versions that support only "ssh-rsa". Nevertheless, implementations SHOULD start to disable 
@@ -273,38 +273,39 @@ Authentication Protocol", RFC 4252, January 2006. [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Transport Layer Protocol", RFC 4253, January 2006. 6.2. Informative References [800-131A] National Institute of Standards and Technology (NIST), "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths", NIST Special - Publication 800-131A, January 2011, . + Publication 800-131A, Revision 1, November 2015, + . [RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) Protocol Assigned Numbers", RFC 4250, January 2006. [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)", RFC 6979, August 2013. [RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and Rusch, A., "PKCS #1: RSA Cryptography Specifications Version 2.2", RFC 8017, November 2016. [EXT-INFO] Bider, D., "Extension Negotiation in Secure Shell (SSH)", - draft-ietf-curdle-ssh-ext-info-12.txt, August 2017, + draft-ietf-curdle-ssh-ext-info-15.txt, September 2017, . + draft-ietf-curdle-ssh-ext-info-15>. [IANA-PKA] "Secure Shell (SSH) Protocol Parameters", . Author's Address Denis Bider Bitvise Limited 4105 Lombardy Court
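Review bot: In the @@ -215 hunk (Section 5.1), the rewritten second sentence drops the explicit tie to "ssh-rsa" and "ssh-dss" that the old text carried ("as used in the "ssh-rsa" and "ssh-dss" algorithms"); for a Security Considerations section whose whole purpose is to motivate moving off those two algorithm names, that mapping is the part an implementer needs, so consider keeping it, e.g. "disallows the SHA-1 hash function, as used in the "ssh-rsa" and "ssh-dss" algorithms, for digital signature generation, except under NIST's protocol-specific guidance." The new trailing clause "except under NIST's protocol-specific guidance" is also left unanchored; a pointer to where in [800-131A] that exception is stated would let readers check whether any such guidance covers SSH. Dropping the two "after 2013" qualifiers is consistent with citing Revision 1, which states a current status rather than a transition date, and it matches the "Revision 1" reference update in the later hunk.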
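Review bot: In the @@ -273 hunk, the [EXT-INFO] entry looks malformed after the edit: the added line "+ draft-ietf-curdle-ssh-ext-info-15>." supplies the tail of a wrapped URL, but the unchanged context line ending in "." that precedes it appears to be the remainder of the old -12 entry and is not removed, so the rendered reference may end up with a stray line or two URL fragments; please check the rendered text and remove or rewrap the old URL line so the entry closes with a single "<https://...draft-ietf-curdle-ssh-ext-info-15>." The [800-131A] change to "Revision 1, November 2015" is consistent with the "Revision 1" wording introduced in Section 5.1 in the earlier hunk, which is the right way to keep the body and the reference list in step.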