draft-ietf-curdle-rsa-sha2-00.txt   draft-ietf-curdle-rsa-sha2-01.txt 
Internet-Draft D. Bider Internet-Draft D. Bider
Updates: 4252, 4253 (if approved) Bitvise Limited Updates: 4252, 4253 (if approved) Bitvise Limited
Intended status: Standards Track March 10, 2016 Intended status: Standards Track August 1, 2016
Expires: September 10, 2016 Expires: February 1, 2017
Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH)
draft-ietf-curdle-rsa-sha2-00.txt draft-ietf-curdle-rsa-sha2-01.txt
Abstract Abstract
This memo defines an algorithm name, public key format, and signature This memo defines an algorithm name, public key format, and signature
format for use of RSA keys with SHA-2 512 for server and client format for use of RSA keys with SHA-2 512 for server and client
authentication in SSH connections. authentication in SSH connections.
Status Status
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 39 skipping to change at page 1, line 39
or to cite them other than as "work in progress." or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Copyright Copyright
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 37 skipping to change at page 3, line 37
or "rsa-sha2-512". or "rsa-sha2-512".
2.2. Use for client authentication 2.2. Use for client authentication
To use this algorithm for client authentication, the SSH client sends To use this algorithm for client authentication, the SSH client sends
an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey" an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey"
method, and encoding the string field "public key algorithm name" with method, and encoding the string field "public key algorithm name" with
the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob" the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob"
field encodes the RSA public key using the "ssh-rsa" algorithm name. field encodes the RSA public key using the "ssh-rsa" algorithm name.
The signature field, if present, encodes a signature using an The signature field, if present, encodes a signature using an
algorithm name that matches the SSH authentication request - either algorithm name that MUST match the SSH authentication request - either
"rsa-sha2-256", or "rsa-sha2-512". "rsa-sha2-256", or "rsa-sha2-512".
For example, an SSH "publickey" authentication request using an
"rsa-sha2-512" signature would be properly encoded as follows:
byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string "rsa-sha2-512"
string public key blob:
string "ssh-rsa"
mpint e
mpint n
string signature:
string "rsa-sha2-512"
string rsa_signature_blob
3. Discovery of signature algorithms supported by servers 3. Discovery of signature algorithms supported by servers
Implementation experience has shown that there are servers which apply Implementation experience has shown that there are servers which apply
authentication penalties to clients attempting signature algorithms authentication penalties to clients attempting signature algorithms
which the SSH server does not support. which the SSH server does not support.
Servers that accept rsa-sha2-* signatures for client authentication Servers that accept rsa-sha2-* signatures for client authentication
SHOULD implement the extension negotiation mechanism defined in SHOULD implement the extension negotiation mechanism defined in
[SSH-EXT-INFO], including especially the "server-sig-algs" extension. [SSH-EXT-INFO], including especially the "server-sig-algs" extension.
skipping to change at page 5, line 28 skipping to change at page 5, line 31
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003. Version 2.1", RFC 3447, February 2003.
[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, January 2006. Authentication Protocol", RFC 4252, January 2006.
[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Transport Layer Protocol", RFC 4253, January 2006. Transport Layer Protocol", RFC 4253, January 2006.
6.2. Informative References 7.2. Informative References
[800-131A] National Institute of Standards and Technology (NIST), [800-131A] National Institute of Standards and Technology (NIST),
"Transitions: Recommendation for Transitioning the Use of "Transitions: Recommendation for Transitioning the Use of
Cryptographic Algorithms and Key Lengths", NIST Special Cryptographic Algorithms and Key Lengths", NIST Special
Publication 800-131A, January 2011, <http://csrc.nist.gov/ Publication 800-131A, January 2011, <http://csrc.nist.gov/
publications/nistpubs/800-131A/sp800-131A.pdf>. publications/nistpubs/800-131A/sp800-131A.pdf>.
[RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH)
Protocol Assigned Numbers", RFC 4250, January 2006. Protocol Assigned Numbers", RFC 4250, January 2006.
 End of changes. 6 change blocks. 
6 lines changed or deleted 23 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/