draft-ietf-curdle-rsa-sha2-10.txt   draft-ietf-curdle-rsa-sha2-11.txt 
Internet-Draft D. Bider Internet-Draft D. Bider
Updates: 4252, 4253 (if approved) Bitvise Limited Updates: 4252, 4253 (if approved) Bitvise Limited
Intended status: Standards Track August 22, 2017 Intended status: Standards Track October 6, 2017
Expires: February 22, 2018 Expires: April 6, 2018
Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH) Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH)
draft-ietf-curdle-rsa-sha2-10.txt draft-ietf-curdle-rsa-sha2-11.txt
Abstract Abstract
This memo updates RFC 4252 and RFC 4253 to define new public key This memo updates RFC 4252 and RFC 4253 to define new public key
algorithms for use of RSA keys with SHA-2 hashing for server and algorithms for use of RSA keys with SHA-2 hashing for server and
client authentication in SSH connections. client authentication in SSH connections.
Status Status
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 5, line 36 skipping to change at page 5, line 36
rsa-sha2-256 ssh-rsa [this document] Section 3 rsa-sha2-256 ssh-rsa [this document] Section 3
rsa-sha2-512 ssh-rsa [this document] Section 3 rsa-sha2-512 ssh-rsa [this document] Section 3
5. Security Considerations 5. Security Considerations
The security considerations of [RFC4251] apply to this document. The security considerations of [RFC4251] apply to this document.
5.1. Key Size and Signature Hash 5.1. Key Size and Signature Hash
The National Institute of Standards and Technology (NIST) Special The National Institute of Standards and Technology (NIST) Special
Publication 800-131A [800-131A] disallows the use of RSA and DSA keys Publication 800-131A, Revision 1 [800-131A], disallows the use of RSA
shorter than 2048 bits for US government use after 2013. The same and DSA keys shorter than 2048 bits for US government use. The same
document disallows the SHA-1 hash function, as used in the "ssh-rsa" document disallows the SHA-1 hash function for digital signature
and "ssh-dss" algorithms, for digital signature generation after 2013. generation, except under NIST's protocol-specific guidance.
5.2. Transition 5.2. Transition
This document is based on the premise that RSA is used in environments This document is based on the premise that RSA is used in environments
where a gradual, compatible transition to improved algorithms will be where a gradual, compatible transition to improved algorithms will be
better received than one that is abrupt and incompatible. It advises better received than one that is abrupt and incompatible. It advises
that SSH implementations add support for new RSA public key algorithms that SSH implementations add support for new RSA public key algorithms
along with SSH_MSG_EXT_INFO and the "server-sig-algs" extension to along with SSH_MSG_EXT_INFO and the "server-sig-algs" extension to
allow coexistence of new deployments with older versions that support allow coexistence of new deployments with older versions that support
only "ssh-rsa". Nevertheless, implementations SHOULD start to disable only "ssh-rsa". Nevertheless, implementations SHOULD start to disable
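Review bot: In Section 5.1 the revised SHA-1 sentence no longer names "ssh-rsa" and "ssh-dss", so the text no longer says which SSH algorithms the NIST restriction applies to. Consider keeping the phrase 'as used in the "ssh-rsa" and "ssh-dss" algorithms'. The new clause "except under NIST's protocol-specific guidance" also gives no pointer to that guidance, so a reader cannot tell whether SSH signatures fall under the exception. Cite the relevant section or document, or state explicitly whether the exception applies to SSH.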
skipping to change at page 7, line 31 skipping to change at page 7, line 31
Authentication Protocol", RFC 4252, January 2006. Authentication Protocol", RFC 4252, January 2006.
[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Transport Layer Protocol", RFC 4253, January 2006. Transport Layer Protocol", RFC 4253, January 2006.
6.2. Informative References 6.2. Informative References
[800-131A] National Institute of Standards and Technology (NIST), [800-131A] National Institute of Standards and Technology (NIST),
"Transitions: Recommendation for Transitioning the Use of "Transitions: Recommendation for Transitioning the Use of
Cryptographic Algorithms and Key Lengths", NIST Special Cryptographic Algorithms and Key Lengths", NIST Special
Publication 800-131A, January 2011, <http://csrc.nist.gov/ Publication 800-131A, Revision 1, November 2015,
publications/nistpubs/800-131A/sp800-131A.pdf>. <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-131Ar1.pdf>.
[RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH)
Protocol Assigned Numbers", RFC 4250, January 2006. Protocol Assigned Numbers", RFC 4250, January 2006.
[RFC6979] Pornin, T., "Deterministic Usage of the Digital [RFC6979] Pornin, T., "Deterministic Usage of the Digital
Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (DSA) and Elliptic Curve Digital
Signature Algorithm (ECDSA)", RFC 6979, August 2013. Signature Algorithm (ECDSA)", RFC 6979, August 2013.
[RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and Rusch, A., [RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and Rusch, A.,
"PKCS #1: RSA Cryptography Specifications Version 2.2", "PKCS #1: RSA Cryptography Specifications Version 2.2",
RFC 8017, November 2016. RFC 8017, November 2016.
[EXT-INFO] Bider, D., "Extension Negotiation in Secure Shell (SSH)", [EXT-INFO] Bider, D., "Extension Negotiation in Secure Shell (SSH)",
draft-ietf-curdle-ssh-ext-info-12.txt, August 2017, draft-ietf-curdle-ssh-ext-info-15.txt, September 2017,
<https://tools.ietf.org/html/ <https://tools.ietf.org/html/
draft-ietf-curdle-ssh-ext-info-12>. draft-ietf-curdle-ssh-ext-info-15>.
[IANA-PKA] "Secure Shell (SSH) Protocol Parameters", [IANA-PKA] "Secure Shell (SSH) Protocol Parameters",
<https://www.iana.org/assignments/ssh-parameters/ <https://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-19>. ssh-parameters.xhtml#ssh-parameters-19>.
Author's Address Author's Address
Denis Bider Denis Bider
Bitvise Limited Bitvise Limited
4105 Lombardy Court 4105 Lombardy Court
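Review bot: The updated [800-131A] entry links the document over plain http:// (http://nvlpubs.nist.gov/...), while the [EXT-INFO] and [IANA-PKA] entries in the same list use https://. Prefer an https:// URL here if the host serves one, so that the guidance Section 5.1 relies on is retrieved over an authenticated channel and the reference list is consistent.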
 End of changes. 6 change blocks. 
11 lines changed or deleted 12 lines changed or added
