draft-ietf-curdle-ssh-ed25519-ed448-08.txt   draft-ietf-curdle-ssh-ed25519-ed448-09.txt 
Internet Engineering Task Force B. Harris Internet Engineering Task Force B. Harris
Internet-Draft Internet-Draft
Intended status: Standards Track L. Velvindron Intended status: Standards Track L. Velvindron
Expires: July 20, 2019 cyberstorm.mu Expires: January 31, 2020 cyberstorm.mu
January 16, 2019 July 30, 2019
Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH) Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH)
protocol protocol
draft-ietf-curdle-ssh-ed25519-ed448-08 draft-ietf-curdle-ssh-ed25519-ed448-09
Abstract Abstract
This document describes the use of the Ed25519 and Ed448 digital This document describes the use of the Ed25519 and Ed448 digital
signature algorithm in the Secure Shell (SSH) protocol. signature algorithm in the Secure Shell (SSH) protocol.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 20, 2019. This Internet-Draft will expire on January 31, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 40 skipping to change at page 3, line 40
string signature string signature
Here 'signature' is the 64-octet signature produced in accordance Here 'signature' is the 64-octet signature produced in accordance
with [RFC8032], Section 5.1.6 [RFC8032]. with [RFC8032], Section 5.1.6 [RFC8032].
The "ssh-ed448" key format has the following encoding: The "ssh-ed448" key format has the following encoding:
string "ssh-ed448" string "ssh-ed448"
string signature string signature
Here 'signature' is the 57-octet signature produced in accordance Here 'signature' is the 114-octet signature produced in accordance
with [RFC8032], Section 5.2.6 [RFC8032]. with [RFC8032], Section 5.2.6 [RFC8032].
7. Verification Algorithm 7. Verification Algorithm
ED25519 signatures are verified according to the procedure in ED25519 signatures are verified according to the procedure in
[RFC8032], Section 5.1.7 [RFC8032]. [RFC8032], Section 5.1.7 [RFC8032].
ED448 signatures are verified according to the procedure in ED448 signatures are verified according to the procedure in
[RFC8032], Section 5.2.7 [RFC8032]. [RFC8032], Section 5.2.7 [RFC8032].
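Review bot: The lead-in 'The "ssh-ed448" key format has the following encoding:' still says "key format", although the two fields that follow are the algorithm name and a `signature` string. It should read "signature format". The corrected 114-octet length is also exactly twice the 57-octet public key size given in Section 8 of the -09 text, which makes the "key" wording more likely to confuse readers. Separately, "[RFC8032], Section 5.2.6 [RFC8032]" cites the reference twice. "Section 5.2.6 of [RFC8032]" would be cleaner, and the same applies to the Section 5.1.6, 5.1.7 and 5.2.7 citations in this hunk.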
skipping to change at page 4, line 20 skipping to change at page 4, line 20
the generation of SSHFP resource records for "ssh-ed448" keys and the the generation of SSHFP resource records for "ssh-ed448" keys and the
document specifies the corresponding Ed448 code point to the "SSHFP document specifies the corresponding Ed448 code point to the "SSHFP
RR Types for public key algorithms" IANA registry. RR Types for public key algorithms" IANA registry.
The generation of SSHFP resource records for "ssh-ed25519" keys is The generation of SSHFP resource records for "ssh-ed25519" keys is
described in [RFC7479]. described in [RFC7479].
The generation of SSHFP resource records for "ssh-ed448" keys is The generation of SSHFP resource records for "ssh-ed448" keys is
described as follows. described as follows.
The encoding of ed448 public keys is described in [ED448]. In brief,
an ed448 public key is a 57-octet value representing a 455-bit
y-coordinate of an elliptic curve point, and a sign bit indicating
the the corresponding x-coordinate.
the SSHFP Resource Record for the Ed448 public key with SHA-256 the SSHFP Resource Record for the Ed448 public key with SHA-256
fingerprint would be example be: fingerprint would be example be:
example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723 example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
34d90ed316d2b818ca9580ea384d924 01 ) 34d90ed316d2b818ca9580ea384d924 01 )
The 2 here indicates SHA-256 [RFC6594]. The 2 here indicates SHA-256 [RFC6594].
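Review bot: The added paragraph on the Ed448 public key encoding has a doubled word and a missing noun in "a sign bit indicating the the corresponding x-coordinate". It presumably means "indicating the sign of the corresponding x-coordinate". The unchanged sentence after it, "the SSHFP Resource Record ... would be example be:", is also garbled and starts in lower case; suggest "The SSHFP Resource Record for the Ed448 public key with SHA-256 fingerprint would, for example, be:". Now that the 57-octet key is described here, it would help to state explicitly which octets the SHA-256 fingerprint in the example is computed over.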
9. IANA Considerations 9. IANA Considerations
skipping to change at page 5, line 22 skipping to change at page 5, line 28
The security considerations in [RFC4251], Section 9 [RFC4251] apply The security considerations in [RFC4251], Section 9 [RFC4251] apply
to all SSH implementations, including those using Ed25519 and Ed448. to all SSH implementations, including those using Ed25519 and Ed448.
The security considerations in [RFC8032], Section 8 [RFC8032] and The security considerations in [RFC8032], Section 8 [RFC8032] and
[RFC7479] apply to all uses of Ed25519 and Ed448 including those in [RFC7479] apply to all uses of Ed25519 and Ed448 including those in
SSH. SSH.
11. Acknowledgements 11. Acknowledgements
The OpenSSH implementation of Ed25519 in SSH was written by Markus The OpenSSH implementation of Ed25519 in SSH was written by Markus
Friedl. We are also grateful to Mark Baushke and Daniel Migault for Friedl. We are also grateful to Mark Baushke, Benjamin Kaduk and
their comments. Daniel Migault for their comments.
12. References 12. References
12.1. Normative References 12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 6, line 18 skipping to change at page 6, line 23
DOI 10.17487/RFC6594, April 2012, DOI 10.17487/RFC6594, April 2012,
<https://www.rfc-editor.org/info/rfc6594>. <https://www.rfc-editor.org/info/rfc6594>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032, Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017, DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>. <https://www.rfc-editor.org/info/rfc8032>.
12.2. Informative References 12.2. Informative References
[ED448] Hamburg, M., "Ed448-Goldilocks, a new elliptic curve",
January 2015, <https://eprint.iacr.org/2015/625.pdf>.
[IANA-PKA] [IANA-PKA]
Internet Assigned Numbers Authority (IANA), "Secure Shell Internet Assigned Numbers Authority (IANA), "Secure Shell
(SSH) Protocol Parameters: Public Key Algorithm Names", (SSH) Protocol Parameters: Public Key Algorithm Names",
May 2017, <http://www.iana.org/assignments/ssh-parameters/ May 2017, <http://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-19>. ssh-parameters.xhtml#ssh-parameters-19>.
[IANA-SSHFP] [IANA-SSHFP]
Internet Assigned Numbers Authority (IANA), "Secure Shell Internet Assigned Numbers Authority (IANA), "Secure Shell
(SSH) Protocol Parameters: Public Key Algorithm Names", (SSH) Protocol Parameters: Public Key Algorithm Names",
May 2017, <https://www.iana.org/assignments/dns-sshfp-rr- May 2017, <https://www.iana.org/assignments/dns-sshfp-rr-
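Review bot: The [IANA-SSHFP] entry carries the same title as [IANA-PKA], "Secure Shell (SSH) Protocol Parameters: Public Key Algorithm Names", while its URL points at the dns-sshfp-rr assignments. The title looks copied and should name the registry that Section 8 calls "SSHFP RR Types for public key algorithms". On the new [ED448] entry: the Section 8 text added in -09 relies on it for the public key encoding, so check whether an informative reference is enough for that use.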
skipping to change at page 7, line 4 skipping to change at page 7, line 13
<https://www.rfc-editor.org/info/rfc7479>. <https://www.rfc-editor.org/info/rfc7479>.
Authors' Addresses Authors' Addresses
Ben Harris Ben Harris
2A Eachard Road 2A Eachard Road
CAMBRIDGE CB3 0HY CAMBRIDGE CB3 0HY
UNITED KINGDOM UNITED KINGDOM
Email: bjh21@bjh21.me.uk Email: bjh21@bjh21.me.uk
Loganaden Velvindron Loganaden Velvindron
cyberstorm.mu cyberstorm.mu
88, Avenue De Plevitz 88, Avenue De Plevitz
Roches Brunes Roches Brunes
Mauritius Mauritius
Email: loganaden@gmail.com Email: logan@cyberstorm.mu
 End of changes. 9 change blocks. 
7 lines changed or deleted 16 lines changed or added
