draft-ietf-curdle-ssh-curves-02.txt   draft-ietf-curdle-ssh-curves-03.txt 
Internet Engineering Task Force A. Adamantiadis Internet Engineering Task Force A. Adamantiadis
Internet-Draft libssh Internet-Draft libssh
Intended status: Standards Track S. Josefsson Intended status: Standards Track S. Josefsson
Expires: October 12, 2017 SJD AB Expires: October 12, 2017 SJD AB
M. Baushke M. Baushke
Juniper Networks, Inc. Juniper Networks, Inc.
April 10, 2017 April 10, 2017
Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448 Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448
draft-ietf-curdle-ssh-curves-02 draft-ietf-curdle-ssh-curves-03
Abstract Abstract
This document describes the conventions for using Curve25519 and This document describes the conventions for using Curve25519 and
Curve448 key exchange methods in the Secure Shell (SSH) protocol. Curve448 key exchange methods in the Secure Shell (SSH) protocol.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 2, line 28 skipping to change at page 2, line 28
1. Introduction 1. Introduction
Secure Shell (SSH) [RFC4251] is a secure remote login protocol. The Secure Shell (SSH) [RFC4251] is a secure remote login protocol. The
key exchange protocol described in [RFC4253] supports an extensible key exchange protocol described in [RFC4253] supports an extensible
set of methods. [RFC5656] describes how elliptic curves are set of methods. [RFC5656] describes how elliptic curves are
integrated in SSH, and this document reuses those protocol messages. integrated in SSH, and this document reuses those protocol messages.
This document describes how to implement key exchange based on This document describes how to implement key exchange based on
[Curve25519] and [Ed448-Goldilocks] in SSH. For Curve25519 with [Curve25519] and [Ed448-Goldilocks] in SSH. For Curve25519 with
SHA-256 [RFC4634], the algorithm we describe is equivalent to the SHA-256 [RFC6234], the algorithm we describe is equivalent to the
privately defined algorithm "curve25519-sha256@libssh.org", which is privately defined algorithm "curve25519-sha256@libssh.org", which is
currently implemented and widely deployed in libssh and OpenSSH. The currently implemented and widely deployed in libssh and OpenSSH. The
Curve448 key exchange method is novel but similar in spirit, and we Curve448 key exchange method is novel but similar in spirit, and we
chose to couple it with SHA-512 [RFC4634] to further separate it from chose to couple it with SHA-512 [RFC6234] to further separate it from
the Curve25519 alternative. the Curve25519 alternative.
This document provide Curve25519 as the prefered choice, but suggests This document provide Curve25519 as the prefered choice, but suggests
that the fall back option Curve448 is implemented to provide an hedge that the fall back option Curve448 is implemented to provide an hedge
against unforseen analytical advances against Curve25519 and SHA-256. against unforseen analytical advances against Curve25519 and SHA-256.
Due to different implementation status of these two curves (high- Due to different implementation status of these two curves (high-
quality free implementations of Curve25519 has been in deployed use quality free implementations of Curve25519 has been in deployed use
for several years, while Curve448 implementations are slowly for several years, while Curve448 implementations are slowly
appearing), it is accepted that adoption of Curve448 will be slower. appearing), it is accepted that adoption of Curve448 will be slower.
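Review bot: The paragraph that follows the citation update is identical in -02 and -03 and still has wording errors that should be fixed while Section 1 is open: "This document provide" (provides), "prefered" (preferred), "an hedge" (a hedge), "unforseen" (unforeseen), and "implementations of Curve25519 has been in deployed use" (have been). The [RFC4634] to [RFC6234] replacement itself is applied to both the SHA-256 and the SHA-512 citation, so the two hash references stay consistent with each other.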
skipping to change at page 5, line 18 skipping to change at page 5, line 18
<http://www.rfc-editor.org/info/rfc4250>. <http://www.rfc-editor.org/info/rfc4250>.
[RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251, Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251,
January 2006, <http://www.rfc-editor.org/info/rfc4251>. January 2006, <http://www.rfc-editor.org/info/rfc4251>.
[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253, Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
January 2006, <http://www.rfc-editor.org/info/rfc4253>. January 2006, <http://www.rfc-editor.org/info/rfc4253>.
[RFC4634] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and HMAC-SHA)", RFC 4634, DOI 10.17487/RFC4634, July
2006, <http://www.rfc-editor.org/info/rfc4634>.
[RFC5656] Stebila, D. and J. Green, "Elliptic Curve Algorithm [RFC5656] Stebila, D. and J. Green, "Elliptic Curve Algorithm
Integration in the Secure Shell Transport Layer", Integration in the Secure Shell Transport Layer",
RFC 5656, DOI 10.17487/RFC5656, December 2009, RFC 5656, DOI 10.17487/RFC5656, December 2009,
<http://www.rfc-editor.org/info/rfc5656>. <http://www.rfc-editor.org/info/rfc5656>.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234,
DOI 10.17487/RFC6234, May 2011,
<http://www.rfc-editor.org/info/rfc6234>.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <http://www.rfc-editor.org/info/rfc7748>. 2016, <http://www.rfc-editor.org/info/rfc7748>.
6.2. Informative References 6.2. Informative References
[Curve25519] [Curve25519]
Bernstein, D., "Curve25519: New Diffie-Hellman Speed Bernstein, D., "Curve25519: New Diffie-Hellman Speed
Records", Lecture Notes in Computer Science (LNCS) vol Records", Lecture Notes in Computer Science (LNCS) vol
3958, pp. 207-228, February 2006, 3958, pp. 207-228, February 2006,
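Review bot: Dropping the [RFC4634] entry from this list is only safe if no [RFC4634] citation survives in the parts of the draft this diff skips. The two Section 1 citations shown earlier were updated, but the remaining sections should be searched for the old tag before publication so that no citation is left without an entry. The new [RFC6234] entry is placed before the "6.2. Informative References" heading, which is the right side of that boundary for a hash function the key exchange depends on.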
 End of changes. 5 change blocks. 
7 lines changed or deleted 8 lines changed or added
