Diff: draft-ietf-curdle-ssh-ed25519-ed448-08.txt - draft-ietf-curdle-ssh-ed25519-ed448-09.txt

	draft-ietf-curdle-ssh-ed25519-ed448-08.txt	draft-ietf-curdle-ssh-ed25519-ed448-09.txt

	Internet Engineering Task Force B. Harris	Internet Engineering Task Force B. Harris
	Internet-Draft	Internet-Draft
	Intended status: Standards Track L. Velvindron	Intended status: Standards Track L. Velvindron

	Expires: July 20, 2019 cyberstorm.mu	Expires: January 31, 2020 cyberstorm.mu
	January 16, 2019	July 30, 2019

	Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH)	Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH)
	protocol	protocol

	draft-ietf-curdle-ssh-ed25519-ed448-08	draft-ietf-curdle-ssh-ed25519-ed448-09

	Abstract	Abstract

	This document describes the use of the Ed25519 and Ed448 digital	This document describes the use of the Ed25519 and Ed448 digital
	signature algorithm in the Secure Shell (SSH) protocol.	signature algorithm in the Secure Shell (SSH) protocol.

	Status of This Memo	Status of This Memo

	This Internet-Draft is submitted in full conformance with the	This Internet-Draft is submitted in full conformance with the
	provisions of BCP 78 and BCP 79.	provisions of BCP 78 and BCP 79.

	skipping to change at page 1, line 33 ¶	skipping to change at page 1, line 33 ¶
	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.	Drafts is at https://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on July 20, 2019.	This Internet-Draft will expire on January 31, 2020.

	Copyright Notice	Copyright Notice

	Copyright (c) 2019 IETF Trust and the persons identified as the	Copyright (c) 2019 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of	(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents

	skipping to change at page 3, line 40 ¶	skipping to change at page 3, line 40 ¶
	string signature	string signature

	Here 'signature' is the 64-octet signature produced in accordance	Here 'signature' is the 64-octet signature produced in accordance
	with [RFC8032], Section 5.1.6 [RFC8032].	with [RFC8032], Section 5.1.6 [RFC8032].

	The "ssh-ed448" key format has the following encoding:	The "ssh-ed448" key format has the following encoding:

	string "ssh-ed448"	string "ssh-ed448"
	string signature	string signature


	Here 'signature' is the 57-octet signature produced in accordance	Here 'signature' is the 114-octet signature produced in accordance
	with [RFC8032], Section 5.2.6 [RFC8032].	with [RFC8032], Section 5.2.6 [RFC8032].

	7. Verification Algorithm	7. Verification Algorithm

	ED25519 signatures are verified according to the procedure in	ED25519 signatures are verified according to the procedure in
	[RFC8032], Section 5.1.7 [RFC8032].	[RFC8032], Section 5.1.7 [RFC8032].

	ED448 signatures are verified according to the procedure in	ED448 signatures are verified according to the procedure in
	[RFC8032], Section 5.2.7 [RFC8032].	[RFC8032], Section 5.2.7 [RFC8032].


	skipping to change at page 4, line 20 ¶	skipping to change at page 4, line 20 ¶
	the generation of SSHFP resource records for "ssh-ed448" keys and the	the generation of SSHFP resource records for "ssh-ed448" keys and the
	document specifies the corresponding Ed448 code point to the "SSHFP	document specifies the corresponding Ed448 code point to the "SSHFP
	RR Types for public key algorithms" IANA registry.	RR Types for public key algorithms" IANA registry.

	The generation of SSHFP resource records for "ssh-ed25519" keys is	The generation of SSHFP resource records for "ssh-ed25519" keys is
	described in [RFC7479].	described in [RFC7479].

	The generation of SSHFP resource records for "ssh-ed448" keys is	The generation of SSHFP resource records for "ssh-ed448" keys is
	described as follows.	described as follows.


		The encoding of ed448 public keys is described in [ED448]. In brief,
		an ed448 public key is a 57-octet value representing a 455-bit
		y-coordinate of an elliptic curve point, and a sign bit indicating
		the the corresponding x-coordinate.

	the SSHFP Resource Record for the Ed448 public key with SHA-256	the SSHFP Resource Record for the Ed448 public key with SHA-256
	fingerprint would be example be:	fingerprint would be example be:

	example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723	example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
	34d90ed316d2b818ca9580ea384d924 01 )	34d90ed316d2b818ca9580ea384d924 01 )

	The 2 here indicates SHA-256 [RFC6594].	The 2 here indicates SHA-256 [RFC6594].

	9. IANA Considerations	9. IANA Considerations


	skipping to change at page 5, line 22 ¶	skipping to change at page 5, line 28 ¶
	The security considerations in [RFC4251], Section 9 [RFC4251] apply	The security considerations in [RFC4251], Section 9 [RFC4251] apply
	to all SSH implementations, including those using Ed25519 and Ed448.	to all SSH implementations, including those using Ed25519 and Ed448.

	The security considerations in [RFC8032], Section 8 [RFC8032] and	The security considerations in [RFC8032], Section 8 [RFC8032] and
	[RFC7479] apply to all uses of Ed25519 and Ed448 including those in	[RFC7479] apply to all uses of Ed25519 and Ed448 including those in
	SSH.	SSH.

	11. Acknowledgements	11. Acknowledgements

	The OpenSSH implementation of Ed25519 in SSH was written by Markus	The OpenSSH implementation of Ed25519 in SSH was written by Markus

	Friedl. We are also grateful to Mark Baushke and Daniel Migault for	Friedl. We are also grateful to Mark Baushke, Benjamin Kaduk and
	their comments.	Daniel Migault for their comments.

	12. References	12. References

	12.1. Normative References	12.1. Normative References

	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119,	Requirement Levels", BCP 14, RFC 2119,
	DOI 10.17487/RFC2119, March 1997,	DOI 10.17487/RFC2119, March 1997,
	<https://www.rfc-editor.org/info/rfc2119>.	<https://www.rfc-editor.org/info/rfc2119>.


	skipping to change at page 6, line 18 ¶	skipping to change at page 6, line 23 ¶
	DOI 10.17487/RFC6594, April 2012,	DOI 10.17487/RFC6594, April 2012,
	<https://www.rfc-editor.org/info/rfc6594>.	<https://www.rfc-editor.org/info/rfc6594>.

	[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital	[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
	Signature Algorithm (EdDSA)", RFC 8032,	Signature Algorithm (EdDSA)", RFC 8032,
	DOI 10.17487/RFC8032, January 2017,	DOI 10.17487/RFC8032, January 2017,
	<https://www.rfc-editor.org/info/rfc8032>.	<https://www.rfc-editor.org/info/rfc8032>.

	12.2. Informative References	12.2. Informative References


		[ED448] Hamburg, M., "Ed448-Goldilocks, a new elliptic curve",
		January 2015, <https://eprint.iacr.org/2015/625.pdf>.

	[IANA-PKA]	[IANA-PKA]
	Internet Assigned Numbers Authority (IANA), "Secure Shell	Internet Assigned Numbers Authority (IANA), "Secure Shell
	(SSH) Protocol Parameters: Public Key Algorithm Names",	(SSH) Protocol Parameters: Public Key Algorithm Names",
	May 2017, <http://www.iana.org/assignments/ssh-parameters/	May 2017, <http://www.iana.org/assignments/ssh-parameters/
	ssh-parameters.xhtml#ssh-parameters-19>.	ssh-parameters.xhtml#ssh-parameters-19>.

	[IANA-SSHFP]	[IANA-SSHFP]
	Internet Assigned Numbers Authority (IANA), "Secure Shell	Internet Assigned Numbers Authority (IANA), "Secure Shell
	(SSH) Protocol Parameters: Public Key Algorithm Names",	(SSH) Protocol Parameters: Public Key Algorithm Names",
	May 2017, <https://www.iana.org/assignments/dns-sshfp-rr-	May 2017, <https://www.iana.org/assignments/dns-sshfp-rr-

	skipping to change at page 7, line 4 ¶	skipping to change at page 7, line 13 ¶
	<https://www.rfc-editor.org/info/rfc7479>.	<https://www.rfc-editor.org/info/rfc7479>.

	Authors' Addresses	Authors' Addresses

	Ben Harris	Ben Harris
	2A Eachard Road	2A Eachard Road
	CAMBRIDGE CB3 0HY	CAMBRIDGE CB3 0HY
	UNITED KINGDOM	UNITED KINGDOM

	Email: bjh21@bjh21.me.uk	Email: bjh21@bjh21.me.uk


	Loganaden Velvindron	Loganaden Velvindron
	cyberstorm.mu	cyberstorm.mu
	88, Avenue De Plevitz	88, Avenue De Plevitz
	Roches Brunes	Roches Brunes
	Mauritius	Mauritius


	Email: loganaden@gmail.com	Email: logan@cyberstorm.mu

End of changes. 9 change blocks.
	7 lines changed or deleted	16 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/