draft-ietf-curdle-ssh-ed25519-00.txt | draft-ietf-curdle-ssh-ed25519-01.txt | |||
---|---|---|---|---|
Network Working Group B. Harris | Internet Engineering Task Force B. Harris | |||
Internet-Draft May 3, 2016 | Internet-Draft | |||
Intended status: Informational | Updates: 4250 (if approved) L. Velvindron | |||
Expires: November 4, 2016 | Intended status: Standards Track Hackers.mu | |||
Expires: February 7, 2018 August 6, 2017 | ||||
Ed25519 public key algorithm for the Secure Shell (SSH) protocol | Ed25519 public key algorithm for the Secure Shell (SSH) protocol | |||
draft-ietf-curdle-ssh-ed25519-00 | draft-ietf-curdle-ssh-ed25519-01 | |||
Abstract | Abstract | |||
This document describes the use of the Ed25519 digital signature | This document describes the use of the Ed25519 digital signature | |||
algorithm in the Secure Shell (SSH) protocol. | algorithm in the Secure Shell (SSH) protocol. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
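Review bot: The new header line "Updates: 4250 (if approved)" on the -01 side is not reflected in the Abstract, which is unchanged and does not mention RFC 4250. State the update in the Abstract so that the header and the abstract agree, for example by saying that this document updates RFC 4250 by adding "ssh-ed25519" to the Public Key Algorithm Names.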
skipping to change at page 1, line 31 ¶ | skipping to change at page 1, line 32 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on November 4, 2016. | This Internet-Draft will expire on February 7, 2018. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
1. Introduction | 1. Introduction | |||
Secure Shell (SSH) [RFC4251] is a secure remote-login protocol. It | Secure Shell (SSH) [RFC4251] is a secure remote-login protocol. It | |||
provides for an extensible variety of public key algorithms for | provides for an extensible variety of public key algorithms for | |||
identifying servers and users to one another. Ed25519 | identifying servers and users to one another. Ed25519 [RFC8032] is a | |||
[I-D.irtf-cfrg-eddsa] is a digital signature system. OpenSSH 6.5 | digital signature system. OpenSSH 6.5 [OpenSSH-6.5] introduced | |||
[OpenSSH-6.5] introduced support for using Ed25519 for server and | support for using Ed25519 for server and user authentication. | |||
user authentication. Compatible support for Ed25519 has since been | Compatible support for Ed25519 has since been added to other SSH | |||
added to other SSH implementations. | implementations. | |||
This document describes the method implemented by OpenSSH and others, | This document describes the method implemented by OpenSSH and others, | |||
and formalizes its use of the name "ssh-ed25519". | and formalizes its use of the name "ssh-ed25519". | |||
Comments on this draft are welcomed and should be sent to the Curdle | [TO BE REMOVED: Please send comments on this draft to | |||
Working Group mailing list. | curdle@ietf.org.] | |||
2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
The descriptions of key and signature formats use the notation | The descriptions of key and signature formats use the notation | |||
introduced in [RFC4251], Section 3 and the string data type from | introduced in [RFC4251], Section 3 [RFC4251] and the string data type | |||
[RFC4251], Section 5. | from [RFC4251], Section 5 [RFC4251]. | |||
3. Public Key Algorithm | 3. Public Key Algorithm | |||
This document describes a public key algorithm for use with SSH in | This document describes a public key algorithm for use with SSH in | |||
accordance with [RFC4253], Section 6.6. The name of the algorithm is | accordance with [RFC4253], Section 6.6 [RFC4253]. The name of the | |||
"ssh-ed25519". This algorithm only supports signing and not | algorithm is "ssh-ed25519". This algorithm only supports signing and | |||
encryption. | not encryption. | |||
4. Public Key Format | 4. Public Key Format | |||
The "ssh-ed25519" key format has the following encoding: | The "ssh-ed25519" key format has the following encoding: | |||
string "ssh-ed25519" | string "ssh-ed25519" | |||
string key | string key | |||
Here 'key' is the 32-octet public key described by | Here 'key' is the 32-octet public key described by [RFC8032], | |||
[I-D.irtf-cfrg-eddsa], Section 5.1.5. | Section 5.1.5 [RFC8032]. | |||
5. Signature Algorithm | 5. Signature Algorithm | |||
Signatures are generated according to the procedure in | Signatures are generated according to the procedure in [RFC8032], | |||
[I-D.irtf-cfrg-eddsa], Section 5.1.6. | Section 5.1.6 [RFC8032]. | |||
6. Signature format | 6. Signature Format | |||
The corresponding signature format is: | The "ssh-ed25519" key format has the following encoding: | |||
string "ssh-ed25519" | string "ssh-ed25519" | |||
string signature | string signature | |||
Here 'signature' is the 64-octet signature produced in accordance | Here 'signature' is the 64-octet signature produced in accordance | |||
with [I-D.irtf-cfrg-eddsa], Section 5.1.6. | with [RFC8032], Section 5.1.6 [RFC8032]. | |||
7. Verification Algorithm | 7. Verification Algorithm | |||
Signatures are verified according to the procedure in | Signatures are verified according to the procedure in [RFC8032], | |||
[I-D.irtf-cfrg-eddsa], Section 5.1.7. | Section 5.1.7 [RFC8032]. | |||
8. SSHFP DNS resource records | 8. SSHFP DNS resource records | |||
The generation of SSHFP resource records for "ssh-ed25519" keys is | The generation of SSHFP resource records for "ssh-ed25519" keys is | |||
described in [RFC7479]. | described in [RFC7479]. | |||
9. IANA Considerations | 9. IANA Considerations | |||
IANA is requested to assign the Public Key Algorithm name | This document augments the Public Key Algorithm Names in [RFC4250], | |||
"ssh-ed25519" in accordance with [RFC4250], Section 4.6.2: | Section 4.6.2 [RFC4250]. | |||
Public Key Algorithm Name Reference | IANA is requested to add to the Public Key Algorithm Names registry | |||
------------------------- --------- | [IANA-PKA] with the following entry: | |||
ssh-ed25519 [RFCXXXX] | ||||
Public Key Algorithm Name Reference | ||||
------------------------- ---------- | ||||
ssh-ed25519 This Draft | ||||
[TO BE REMOVED: This registration should take place at the following | [TO BE REMOVED: This registration should take place at the following | |||
location: <http://www.iana.org/assignments/ssh-parameters/ssh- | location: <http://www.iana.org/assignments/ssh-parameters/ssh- | |||
parameters.xhtml#ssh-parameters-19>] | parameters.xhtml#ssh-parameters-19>] | |||
10. Security Considerations | 10. Security Considerations | |||
The security considerations in [RFC4251], Section 9 apply to all SSH | The security considerations in [RFC4251], Section 9 [RFC4251] apply | |||
implementations, including those using Ed25519. | to all SSH implementations, including those using Ed25519. | |||
The security considerations in [I-D.irtf-cfrg-eddsa], Section 10 | The security considerations in [RFC8032], Section 8 [RFC8032] apply | |||
apply to all uses of Ed25519, including those in SSH. | to all uses of Ed25519, including those in SSH. | |||
11. Acknowledgements | 11. Acknowledgements | |||
The OpenSSH implementation of Ed25519 in SSH was written by Markus | The OpenSSH implementation of Ed25519 in SSH was written by Markus | |||
Friedl. | Friedl. | |||
12. References | 12. References | |||
12.1. Normative References | 12.1. Normative References | |||
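Review bot: In Section 6 on the -01 side, the introductory sentence now reads 'The "ssh-ed25519" key format has the following encoding:', which repeats the Section 4 sentence although the lines under it define 'string signature'; it should introduce the signature format, as -00 did with 'The corresponding signature format is:'. The rewritten citations also name each reference twice, as in '[RFC4251], Section 3 [RFC4251]' and '[RFC8032], Section 5.1.6 [RFC8032]'; one tag per citation is enough.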
skipping to change at page 4, line 22 ¶ | skipping to change at page 4, line 27 ¶ | |||
<http://www.rfc-editor.org/info/rfc4250>. | <http://www.rfc-editor.org/info/rfc4250>. | |||
[RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251, | Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251, | |||
January 2006, <http://www.rfc-editor.org/info/rfc4251>. | January 2006, <http://www.rfc-editor.org/info/rfc4251>. | |||
[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253, | Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253, | |||
January 2006, <http://www.rfc-editor.org/info/rfc4253>. | January 2006, <http://www.rfc-editor.org/info/rfc4253>. | |||
[I-D.irtf-cfrg-eddsa] | [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital | |||
Josefsson, S. and I. Liusvaara, "Edwards-curve Digital | Signature Algorithm (EdDSA)", RFC 8032, | |||
Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-05 | DOI 10.17487/RFC8032, January 2017, | |||
(work in progress), March 2016. | <http://www.rfc-editor.org/info/rfc8032>. | |||
12.2. Informative References | 12.2. Informative References | |||
[RFC7479] Moonesamy, S., "Using Ed25519 in SSHFP Resource Records", | [IANA-PKA] | |||
RFC 7479, DOI 10.17487/RFC7479, March 2015, | Internet Assigned Numbers Authority (IANA), "Secure Shell | |||
<http://www.rfc-editor.org/info/rfc7479>. | (SSH) Protocol Parameters: Public Key Algorithm Names", | |||
May 2017, <http://www.iana.org/assignments/ssh-parameters/ | ||||
ssh-parameters.xhtml#ssh-parameters-19>. | ||||
[OpenSSH-6.5] | [OpenSSH-6.5] | |||
Friedl, M., Provos, N., de Raadt, T., Steves, K., Miller, | Friedl, M., Provos, N., de Raadt, T., Steves, K., Miller, | |||
D., Tucker, D., McIntyre, J., Rice, T., and B. Lindstrom, | D., Tucker, D., Rice, T., and B. Lindstrom, "OpenSSH 6.5 | |||
"[OpenSSH 6.5 release notes]", January 2014, | release notes", January 2014, | |||
<http://www.openssh.com/txt/release-6.5>. | <http://www.openssh.com/txt/release-6.5>. | |||
Author's Address | [RFC7479] Moonesamy, S., "Using Ed25519 in SSHFP Resource Records", | |||
RFC 7479, DOI 10.17487/RFC7479, March 2015, | ||||
<http://www.rfc-editor.org/info/rfc7479>. | ||||
Authors' Addresses | ||||
Ben Harris | Ben Harris | |||
2A Eachard Road | 2A Eachard Road | |||
CAMBRIDGE CB3 0HY | CAMBRIDGE CB3 0HY | |||
UNITED KINGDOM | UNITED KINGDOM | |||
Email: bjh21@bjh21.me.uk | Email: bjh21@bjh21.me.uk | |||
Loganaden Velvindron | ||||
Hackers.mu | ||||
88, Avenue De Plevitz | ||||
Roches Brunes | ||||
Mauritius | ||||
Email: logan@hackers.mu | ||||
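Review bot: The [OpenSSH-6.5] entry drops "McIntyre, J." from the author list on the -01 side, and nothing in the visible changes explains why; confirm the list against the release notes being cited. The new [IANA-PKA] URL is also wrapped in the middle of its path ('ssh-parameters/' followed by 'ssh-parameters.xhtml#ssh-parameters-19'), so check that it survives as one unbroken URL in the rendered document.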
End of changes. 25 change blocks. | ||||
51 lines changed or deleted | 61 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |