draft-ietf-curdle-rsa-sha2-07.txt   draft-ietf-curdle-rsa-sha2-08.txt 
Internet-Draft D. Bider Internet-Draft D. Bider
Updates: 4252, 4253 (if approved) Bitvise Limited Updates: 4252, 4253 (if approved) Bitvise Limited
Intended status: Standards Track May 4, 2017 Intended status: Standards Track May 30, 2017
Expires: November 4, 2017 Expires: November 30, 2017
Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH)
draft-ietf-curdle-rsa-sha2-07.txt draft-ietf-curdle-rsa-sha2-08.txt
Abstract Abstract
This memo updates RFC 4252 and RFC 4253 to define new public key This memo updates RFC 4252 and RFC 4253 to define new public key
algorithms for use of RSA keys with SHA-2 hashing for server and algorithms for use of RSA keys with SHA-2 hashing for server and
client authentication in SSH connections. client authentication in SSH connections.
Status Status
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 2, line 22 skipping to change at page 2, line 22
Standards Process, and derivative works of it may not be created Standards Process, and derivative works of it may not be created
outside the IETF Standards Process, except to format it for outside the IETF Standards Process, except to format it for
publication as an RFC or to translate it into languages other than publication as an RFC or to translate it into languages other than
English. English.
1. Overview and Rationale 1. Overview and Rationale
Secure Shell (SSH) is a common protocol for secure communication on Secure Shell (SSH) is a common protocol for secure communication on
the Internet. In [RFC4253], SSH originally defined the public key the Internet. In [RFC4253], SSH originally defined the public key
algorithms "ssh-rsa" for server and client authentication using RSA algorithms "ssh-rsa" for server and client authentication using RSA
with SHA-1, and "ssh-dss" using 1024-bit DSA and SHA-1. with SHA-1, and "ssh-dss" using 1024-bit DSA and SHA-1. These
algorithms are now considered deficient. For US government use, NIST
A decade later, these algorithms are considered deficient. For US has disallowed 1024-bit RSA and DSA, and use of SHA-1 for signing
government use, NIST has disallowed 1024-bit RSA and DSA, and use of [800-131A].
SHA-1 for signing [800-131A].
This memo defines new public key algorithms allowing for interoperable This memo updates RFC 4252 and RFC 4253 to define new public key
use of existing and new RSA keys with SHA-2 hashing. algorithms allowing for interoperable use of existing and new RSA keys
with SHA-2 hashing.
1.1. Requirements Terminology 1.1. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Wire Encoding Terminology 1.2. Wire Encoding Terminology
The wire encoding types in this document - "boolean", "byte", The wire encoding types in this document - "boolean", "byte",
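Review bot: In the reworded Overview of -08, "These algorithms are now considered deficient" covers both "ssh-rsa" and "ssh-dss", but the supporting sentence cites only NIST disallowing 1024-bit RSA and DSA and SHA-1 signing. The text describes "ssh-rsa" as RSA with SHA-1 and gives it no key size, so the case against it rests on SHA-1, and it would help to say so directly. Separately, the last paragraph now opens with "This memo updates RFC 4252 and RFC 4253 to define new public key algorithms", which repeats the Abstract almost word for word. The -07 wording "This memo defines new public key algorithms" was enough here.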
skipping to change at page 4, line 28 skipping to change at page 4, line 28
To use this algorithm for client authentication, the SSH client sends To use this algorithm for client authentication, the SSH client sends
an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey" an SSH_MSG_USERAUTH_REQUEST message [RFC4252] encoding the "publickey"
method, and encoding the string field "public key algorithm name" with method, and encoding the string field "public key algorithm name" with
the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob" the value "rsa-sha2-256" or "rsa-sha2-512". The "public key blob"
field encodes the RSA public key using the "ssh-rsa" public key field encodes the RSA public key using the "ssh-rsa" public key
format. The signature field, if present, encodes a signature using an format. The signature field, if present, encodes a signature using an
algorithm name that MUST match the SSH authentication request - either algorithm name that MUST match the SSH authentication request - either
"rsa-sha2-256", or "rsa-sha2-512". "rsa-sha2-256", or "rsa-sha2-512".
For example, an SSH "publickey" authentication request using an For example, as defined in [RFC4252] and [RFC4253], an SSH "publickey"
"rsa-sha2-512" signature would be properly encoded as follows: authentication request using an "rsa-sha2-512" signature would be
properly encoded as follows:
byte SSH_MSG_USERAUTH_REQUEST byte SSH_MSG_USERAUTH_REQUEST
string user name string user name
string service name string service name
string "publickey" string "publickey"
boolean TRUE boolean TRUE
string "rsa-sha2-512" string "rsa-sha2-512"
string public key blob: string public key blob:
string "ssh-rsa" string "ssh-rsa"
mpint e mpint e
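Review bot: In the -08 lead-in to the example, the added clause "as defined in [RFC4252] and [RFC4253]" sits directly before "an SSH "publickey" authentication request using an "rsa-sha2-512" signature". It therefore reads as if those RFCs define the rsa-sha2-512 request, which is what this memo introduces. Consider attaching each citation to what it actually covers: the SSH_MSG_USERAUTH_REQUEST message to [RFC4252], and the "ssh-rsa" public key format used in the blob to [RFC4253].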
skipping to change at page 7, line 46 skipping to change at page 7, line 46
[RFC6979] Pornin, T., "Deterministic Usage of the Digital [RFC6979] Pornin, T., "Deterministic Usage of the Digital
Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (DSA) and Elliptic Curve Digital
Signature Algorithm (ECDSA)", RFC 6979, August 2013. Signature Algorithm (ECDSA)", RFC 6979, August 2013.
[RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and Rusch, A., [RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and Rusch, A.,
"PKCS #1: RSA Cryptography Specifications Version 2.2", "PKCS #1: RSA Cryptography Specifications Version 2.2",
RFC 8017, November 2016. RFC 8017, November 2016.
[EXT-INFO] Bider, D., "Extension Negotiation in Secure Shell (SSH)", [EXT-INFO] Bider, D., "Extension Negotiation in Secure Shell (SSH)",
draft-ietf-curdle-ssh-ext-info-06.txt, May 2017, draft-ietf-curdle-ssh-ext-info-08.txt, May 2017,
<https://tools.ietf.org/html/ <https://tools.ietf.org/html/
draft-ietf-curdle-ssh-ext-info-06>. draft-ietf-curdle-ssh-ext-info-08>.
[IANA-PKA] "Secure Shell (SSH) Protocol Parameters", [IANA-PKA] "Secure Shell (SSH) Protocol Parameters",
<https://www.iana.org/assignments/ssh-parameters/ <https://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-19>. ssh-parameters.xhtml#ssh-parameters-19>.
Author's Address Author's Address
Denis Bider Denis Bider
Bitvise Limited Bitvise Limited
Suites 41/42, Victoria House Suites 41/42, Victoria House
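Review bot: In the [EXT-INFO] entry, the draft name and URL move from draft-ietf-curdle-ssh-ext-info-06 to -08 while the date stays "May 2017". Please confirm that date matches the -08 revision being cited, so the reference does not pair the new revision number with the old revision's date.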
 End of changes. 7 change blocks. 
14 lines changed or deleted 15 lines changed or added
