[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00 01 02 03 04 05 06 07 RFC 6594

Network Working Group                                            O. Sury
Internet-Draft                                                    CZ.NIC
Updates: 4225 (if approved)                                June 16, 2011
Intended status: Standards Track
Expires: December 18, 2011


   Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource
                                Records
                   draft-os-ietf-sshfp-ecdsa-sha2-00

Abstract

   This document defines how to store Secure Shell (SSH) ECDSA public
   keys and SHA-256 fingerprints in SSHFP Resource Records.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 18, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Sury                    Expires December 18, 2011               [Page 1]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  SSHFP Resource Records  . . . . . . . . . . . . . . . . . . . . 3
     2.1.  SSHFP Fingerprint Type Specification  . . . . . . . . . . . 3
       2.1.1.  SHA-256 SSHFP Fingerprint Type Specification  . . . . . 3
     2.2.  SSHFP Algorithm Number Specification  . . . . . . . . . . . 3
       2.2.1.  ECDSA SSHFP Algorithm Number Specification  . . . . . . 4
   3.  Implementation Considerations . . . . . . . . . . . . . . . . . 4
     3.1.  Support for SHA-256 fingerprints  . . . . . . . . . . . . . 4
     3.2.  Support for ECDSA . . . . . . . . . . . . . . . . . . . . . 4
   4.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     4.1.  RSA public key  . . . . . . . . . . . . . . . . . . . . . . 5
       4.1.1.  RSA public key with SHA1 fingerprint  . . . . . . . . . 5
       4.1.2.  RSA public key with SHA256 fingerprint  . . . . . . . . 5
     4.2.  DSA public key  . . . . . . . . . . . . . . . . . . . . . . 6
       4.2.1.  DSA public key with SHA1 fingerprint  . . . . . . . . . 6
       4.2.2.  DSA public key with SHA256 fingerprint  . . . . . . . . 6
     4.3.  ECDSA public key  . . . . . . . . . . . . . . . . . . . . . 6
       4.3.1.  ECDSA public key with SHA256 fingerprint  . . . . . . . 7
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
     5.1.  SSHFP RR Types for public key algorithms  . . . . . . . . . 7
     5.2.  SSHFP RR types for fingerprint types  . . . . . . . . . . . 7
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 7
   7.  Normative References  . . . . . . . . . . . . . . . . . . . . . 8














Sury                    Expires December 18, 2011               [Page 2]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


1.  Introduction

   The Domain Name System (DNS) is the global, hierarchical distributed
   database for Internet Naming.  The Secure Shell (SSH) is a protocol
   for secure remote login and other secure network services over an
   insecure network.  RFC 4253 [RFC4253] defines Public Key Algorithms
   for the Secure Shell server public keys.

   The DNS has been extended to store fingerprints in a DNS recource
   record named SSHFP [RFC4255], which provide out-of-band verification
   by looking up a fingerprint of the server public key in the DNS
   [RFC1034], [RFC1035] and using DNSSEC [RFC4033], [RFC4034], [RFC4035]
   to verify the lookup.

   RFC 4255 [RFC4255] describes how to store SSH public keys in SSHFP
   resource records and specifies a list of cryptographic algorithms to
   use for Algorithm Number and Fingerprint Type.  This document
   extendes the SSHFP Algorithm Number list with the ECDSA algorithm
   [RFC6090] which has been added to Secure Shell Public Key list in RFC
   5656 [RFC5656] and the SSHFP Fingerprint Type list with SHA-256
   algorithm.

   Familiarity with DNSSEC, SSH Protocol [RFC4251], [RFC4253],
   [RFC4250], SSHFP [RFC4255], and the SHA-2 [FIPS.180-3.2008] family of
   algorithms is assumed in this document.

   This document updates RFC 4255 [RFC4255].

2.  SSHFP Resource Records

   The format of the SSHFP RR can be found in RFC 4255 [RFC4255].

2.1.  SSHFP Fingerprint Type Specification

   The fingerprint type octet describes the message-digest algorithm
   used to calculate the fingerprint of the public key.

2.1.1.  SHA-256 SSHFP Fingerprint Type Specification

   SHA-256 fingerprints of the public keys are stored in SSHFP Resource
   Record with the fingerprint type 2.

2.2.  SSHFP Algorithm Number Specification

   The SSHFP Resource Record algorithm number octet describes the
   algorithm of the public key.





Sury                    Expires December 18, 2011               [Page 3]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


2.2.1.  ECDSA SSHFP Algorithm Number Specification

   ECDSA public keys are stored in SSHFP Resource Records with the
   algorithm number 3.

   ECDSA public key fingerprints MUST use SHA-256 algorithm fingerprint.

3.  Implementation Considerations

3.1.  Support for SHA-256 fingerprints

   SSHFP-aware Secure Shell implementations SHOULD support the SHA-256
   fingerprints for verification of the public key.  Secure Shell
   implementations which support SHA-256 fingerprints MUST prefer the
   SHA-256 fingerprints if available over SHA-1 to prevent downgrade
   attacks.

3.2.  Support for ECDSA

   SSHFP-aware Secure Shell implementations which also implement ECDSA
   algorithm for the public key SHOULD support SSHFP fingerprints for
   ECDSA public keys.

4.  Examples



























Sury                    Expires December 18, 2011               [Page 4]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


4.1.  RSA public key

   Given a private key with the following value in OpenSSH format:

       -----BEGIN RSA PRIVATE KEY-----
       MIIEpAIBAAKCAQEAwlEeCTocU4p86u0Dt20F1uI5jwgrpRbJ4fGIuzCsKTJ3fevk
       +7le5xMMvuvhlmLvfCMRSQciIxV1/2ugVw6d/O/MHsx9Q2drTQ/7bv3rnc+hK6Ux
       WJp1S8hAwEWEs1QTULiCtVA6r7wein3yXMre/BacFtu3rhpKhJGpuxmrqz0QIMF3
       oQwf4DMEbV1UWftd82FpAJgGPuTgFlZnV7kFZuZI5b3Dc7aNh95t56ibQ+CfS9ZS
       j7klVasCa+P+oYm1yZEBL1qVL3TgFMN36yqTcGvd9n1xZN5HuK7A40P1vBspXjLS
       t08fLROM9cLqMF7WHugWvKtywD7P5tkuKVLHMQIDAQABAoIBAQCrZP1HSjhd/5M7
       bB+RFNrHtPbsEFre3QDpCDCAW+ge1mLLcNyio9jvnL/rTwfFrDJsnknKzj3wECfq
       STY+U6hKyACVUe1THM9qQ6SVO+ctZUxVwPmLm4HGfDWQ4kCwJIJ8+qJf5wo8o4OU
       yI6UBmU0mYTILLkRGiOMVycM3xGqkUJHcjj82GLWNKakdp1CuFtmyF0aUnlDp5gm
       Ub0GgCgBFCO+/Eb7OoqZufhS6bisRyDEozLNO/I0Ih7lZgsaywOsjeXOZ2+zHH98
       +RVrnZ6PObxPp2WmSA268gW02k2rWRGTg95boSLdxv2C1nBvdqsMXnq8hVcfKigO
       bYH1uIOBAoGBAOBkncI1ZYOd8mye4a+hgzBgxdzrEl3QCAm3qSw5Gsz6FwTAZAit
       u4lRSXb0birYKfJjcZ7Og/07r0KCMuCku/CTpbZP0gCSyd7SaeovFs1y9tUuY8r+
       iT+FxFeOQ9PcYcOccivzkLwINOrG/Glm8UWUngCRDgo/CSOSTf06juY5AoGBAN2v
       /DQeQl/uATmIyfOGsZA4IdmAfhY8P60GVdk8zFZyDW5qmJklDA75ObepUtDnAcDd
       NzkNyKZBIX6aFoMkXAzwMCxk6KU3gkbciuCydCXf323fKCS7SHIk+btGa+eRhUcO
       HzPlzUqxrqg7ouQ1n2/zLbiN10zwWCPYzTGAwai5AoGBAJ9b9YnqQAjkEDnB8Ee5
       7aBa6cpGC8oiJsM38uYcPANcjSJru99J+si/uOvJFcBJuiiRJS0CP0yFqacTLizJ
       8UseoG5Ea8DKfqFHT77n6ErKHbAyfN66PCCn0FPaDiOU/L1eCttZ4+0V6vbdkH8O
       g8TFkhyW56CxOb1QdyCjCL9JAoGAcexxcBsowwGdkYKRPdu3PkUKaCrXIPgfRPyf
       e376B2afLmILP5BBTSSYm6ChVYeRaBqGuYQy2/VWkCgBb61svJ1mNDo7MESBZ4cI
       u4YZmCkfOehXSeEQzs/fonUDGMK4uhYwxMvQnxUGi5/yCtLft3lBwrjprrlIoktU
       z566ZskCgYBRFqGVaZZQgLeiEjuRtxo0MOmQvN3fwfgd7HbHoNjyalPRCUOurmDk
       rIpSmbeIABBWveapZwidXNRdbAqV/XZ+tEHeak4peanFGIUV5J4P9kg6eakuwC14
       wU+VnpDUATpddCID+jf7ory9bCvJ4gvKlyDq5PJyR8uiut+BY0m7Hg==
       -----END RSA PRIVATE KEY-----

4.1.1.  RSA public key with SHA1 fingerprint

   The SSHFP Resource Record for this key would be:

       server.example.net IN SSHFP 1 1 dd465c09cfa51fb45020cc83316fff21
                                       b9ec74ac

4.1.2.  RSA public key with SHA256 fingerprint

   The SSHFP Resource Record for this key would be:

       server.example.net IN SSHFP 1 2 b049f950d1397b8fee6a61e4d14a9acd
                                       c4721e084eff5460bbed80cfaa2ce2cb






Sury                    Expires December 18, 2011               [Page 5]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


4.2.  DSA public key

   Given a private key with the following value in OpenSSH format:

       -----BEGIN DSA PRIVATE KEY-----
       MIIBvAIBAAKBgQD1Ra3NFN+oFmssG3yc43L/Hn9d6gF+BCZfDWusar14dbfmgiRH
       Uu7KEY7byuCrDYZO/A43bZ34RIchShxzc94uv3P7PZT9FI1e5kQKOpwOwNxrOokB
       JW+jvRapuolUgum2FopU0gdLWHp3BBCVKGgLmvGEBf7sUcz60Xl8Rqh54wIVAML0
       z+mWLxUhWYQY47TALVN5RM3jAoGBAIANhW5G23qNPrv6sPJkBThVmaU2qjaO3e46
       L95mo24eS6hFQ+8k9zEtRkhoY4L74brP3oTE6s2G403NLM1DPSZ8E+8ateT9mWAy
       vfCFca8N9YzLbFFBJgageA1I07q7XGlpifSzWj9f5OGzKNP4aLZznDlZyD7EywRV
       lb3TUcVAAoGAOZcDcK01NTM1qIIYbBqCffrwjQ+9PmsuSKI6nUzfS4NysXHkdbW5
       u5VxeXLcwWj5PGbRfoS2P3vwYAmakqgq502wigam18u9nAczUYl+2kOeOiIRrtSm
       LfpV7thLOAb8k1ESjIlkbn35jKmTcoMFRXbFmkKRTK8OEnWQ8AVg6w8CFQCS/nI5
       MhAE/LKS/rJ5fSZ/j+/dNw==
       -----END DSA PRIVATE KEY-----

4.2.1.  DSA public key with SHA1 fingerprint

   The SSHFP Resource Record for this key would be:

       server.example.net IN SSHFP 2 1 3b6ba6110f5ffcd29469fc1ec2ee25d6
                                       1718badd

4.2.2.  DSA public key with SHA256 fingerprint

   The SSHFP Resource Record for this key would be:

       server.example.net IN SSHFP 2 2 f9b8a6a460639306f1b38910456a6ae1
                                       018a253c47ecec12db77d7a0878b4d83

4.3.  ECDSA public key

   Given a private key with the following value in OpenSSH format:

       -----BEGIN EC PRIVATE KEY-----
       MHcCAQEEINFBNyh3bKEQ4CQ7MfNgbEGINuRHjaIBrZkiWbaGPCZZoAoGCCqGSM49
       AwEHoUQDQgAEAP70I5SJftZiBy8g50jz52N2gUNVRPE2tyiDyxJh1sjN4b5th2yy
       y9zLL+dF9WFcLlAEKTwhOGqzsPj+UXFfmA==
       -----END EC PRIVATE KEY-----











Sury                    Expires December 18, 2011               [Page 6]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


4.3.1.  ECDSA public key with SHA256 fingerprint

   The SSHFP Resource Record for this key would be:

       server.example.net IN SSHFP 3 2 821eb6c1c98d9cc827ab7f456304c0f1
                                       4785b7008d9e8646a8519de80849afc7

5.  IANA Considerations

   This document updates the IANA registry "SSHFP RR Types for public
   key algorithms" and "SSHFP RR types for fingerprint types"
   [SSHFPVALS].

5.1.  SSHFP RR Types for public key algorithms

   The following entries are added to the "SSHFP RR Types for public key
   algorithms" registry:

                   +-------+-------------+------------+
                   | Value | Description |  Reference |
                   +-------+-------------+------------+
                   |   3   |    ECDSA    | [This doc] |
                   +-------+-------------+------------+

                                  Table 1

5.2.  SSHFP RR types for fingerprint types

   The following entries are added to the "SSHFP RR types for
   fingerprint types" registry:

                   +-------+-------------+------------+
                   | Value | Description |  Reference |
                   +-------+-------------+------------+
                   |   2   |   SHA-256   | [This doc] |
                   +-------+-------------+------------+

                                  Table 2

6.  Security Considerations

   Please see the security considerations in [RFC4255] for SSHFP record
   and [RFC5656] for ECDSA algorithm.

   Users of SSHFP are encouraged to deploy SHA-256 as soon as software
   implementations allow for it.  SHA-2 family of algorithms is widely
   believed to be more resilient to attack than SHA-1, and confidence in
   SHA-1's strength is being eroded by recently announced attacks.



Sury                    Expires December 18, 2011               [Page 7]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


   Regardless of whether or not the attacks on SHA-1 will affect SSHFP,
   it is believed (at the time of this writing) that SHA-256 is the
   better choice for use in SSHFP records.

   SHA-256 is considered sufficiently strong for the immediate future,
   but predictions about future development in cryptography and
   cryptanalysis are beyond the scope of this document.


7.  Normative References

   [FIPS.180-3.2008]
              National Institute of Standards and Technology, ""Secure
              Hash Standard"", FIPS PUB 180-3, October 2008, <http://
              csrc.nist.gov/publications/fips/fips180-3/
              fips180-3_final.pdf>.

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, March 2005.

   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Resource Records for the DNS Security Extensions",
              RFC 4034, March 2005.

   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Protocol Modifications for the DNS Security
              Extensions", RFC 4035, March 2005.

   [RFC4250]  Lehtinen, S. and C. Lonvick, "The Secure Shell (SSH)
              Protocol Assigned Numbers", RFC 4250, January 2006.

   [RFC4251]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Protocol Architecture", RFC 4251, January 2006.

   [RFC4253]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Transport Layer Protocol", RFC 4253, January 2006.

   [RFC4255]  Schlyter, J. and W. Griffin, "Using DNS to Securely
              Publish Secure Shell (SSH) Key Fingerprints", RFC 4255,
              January 2006.




Sury                    Expires December 18, 2011               [Page 8]

Internet-Draft   ECDSA and SHA-256 Algorithms for SSHFP        June 2011


   [RFC5656]  Stebila, D. and J. Green, "Elliptic Curve Algorithm
              Integration in the Secure Shell Transport Layer",
              RFC 5656, December 2009.

   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090, February 2011.

   [SSHFPVALS]
              IANA, ""DNS SSHFP Resource Records Parameters"", IANA
              registry available at:, <http://www.iana.org/assignments/
              dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xml>.


Author's Address

   Ondrej Sury
   CZ.NIC
   Americka 23
   120 00 Praha 2
   CZ

   Phone: +420 222 745 110
   Email: ondrej.sury@nic.cz




























Sury                    Expires December 18, 2011               [Page 9]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/