draft-ietf-secsh-architecture-12.txt / draft-ietf-secsh-architecture-13.txt
(side-by-side rfcdiff; text identical in both versions is shown once,
version-specific text is marked draft-12 and draft-13)

Network Working Group                                          T. Ylonen
Internet-Draft                                                T. Kivinen
Expires: August 1, 2002 (draft-12)      SSH Communications Security Corp
         March 21, 2003 (draft-13)                           M. Saarinen
                                                 University of Jyvaskyla
                                                                T. Rinne
                                                             S. Lehtinen
                                        SSH Communications Security Corp
                                            January 31, 2002 (draft-12)
                                           September 20, 2002 (draft-13)

                        SSH Protocol Architecture
           draft-ietf-secsh-architecture-12.txt (draft-12)
           draft-ietf-secsh-architecture-13.txt (draft-13)
Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

skipping to change at page 1, line 37

   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   draft-12: This Internet-Draft will expire on August 1, 2002.
   draft-13: This Internet-Draft will expire on March 21, 2003.

Copyright Notice

   Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract

   SSH is a protocol for secure remote login and other secure network
   services over an insecure network. This document describes the
   architecture of the SSH protocol, as well as the notation and

skipping to change at page 2, line 27

   3.2 Extensibility . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.3 Policy Issues . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.4 Security Properties . . . . . . . . . . . . . . . . . . . . .  6
   3.5 Packet Size and Overhead  . . . . . . . . . . . . . . . . . .  6
   3.6 Localization and Character Set Support  . . . . . . . . . . .  7
   4.  Data Type Representations Used in the SSH Protocols . . . . .  8
   5.  Algorithm Naming  . . . . . . . . . . . . . . . . . . . . . . 10
   6.  Message Numbers . . . . . . . . . . . . . . . . . . . . . . . 10
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations . . . . . . . . . . . . . . . . . . . 12
   9.  Trademark Issues (draft-12) . . . . . . . . . . . . . . . . . 12
   9.  Intellectual Property (draft-13)  . . . . . . . . . . . . . . 12
   10. Additional Information  . . . . . . . . . . . . . . . . . . . 12
       References  . . . . . . . . . . . . . . . . . . . . . . . . . 12
       Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . 13 (draft-12) / 14 (draft-13)
       Full Copyright Statement  . . . . . . . . . . . . . . . . . . 15
1. Introduction

   SSH is a protocol for secure remote login and other secure network
   services over an insecure network. It consists of three major
   components:

   o  The Transport Layer Protocol [SSH-TRANS] provides server
      authentication, confidentiality, and integrity. It may optionally
      also provide compression. The transport layer will typically be
skipping to change at page 12, line 22

   When displaying text, such as error or debug messages to the user,
   the client software SHOULD replace any control characters (except
   tab, carriage return and newline) with safe sequences to avoid
   attacks by sending terminal control characters.

   Not using MAC or encryption SHOULD be avoided. The user
   authentication protocol is subject to man-in-the-middle attacks if
   the encryption is disabled. The SSH protocol does not protect
   against message alteration if no MAC is used.
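The control-character rule above, as an added Python example that is not part of the draft or of any SSH implementation: a client-side sanitiser for server-supplied text (SSH strings are UTF-8) that keeps TAB, CR and LF as the draft allows and rewrites every other C0 or C1 control, including ESC and DEL, as a visible hex escape before the text reaches the terminal. The function names and the sample message are constructed for this example.

```python
import re

# Characters a client should not hand to the terminal unescaped: the C0
# controls (0x00-0x1f) other than TAB/LF/CR, DEL (0x7f), and the C1 range
# (0x80-0x9f), which many terminals also interpret (U+009B is an 8-bit
# CSI). TAB, LF and CR are deliberately left alone, as the draft permits.
_UNSAFE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\x80-\x9f]")


def sanitize_for_display(raw: bytes) -> str:
    """Decode a server-supplied SSH string and neutralise control characters.

    The protocol carries text as UTF-8, so decode first: bytes that are
    not valid UTF-8 become U+FFFD instead of being passed through, and
    each remaining control character is replaced by a visible \\xNN escape
    so it is shown to the user rather than executed by the terminal.
    """
    text = raw.decode("utf-8", errors="replace")
    return _UNSAFE.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def display_server_message(kind: str, raw: bytes) -> str:
    """Format a disconnect or debug message for the user. Only the
    client-chosen prefix is emitted verbatim; the payload is sanitised."""
    return "%s: %s" % (kind, sanitize_for_display(raw))


if __name__ == "__main__":
    # Constructed sample: a disconnect reason carrying a 7-bit escape
    # sequence (ESC [ 2 J, clear screen), an 8-bit CSI (U+009B) and a BEL,
    # all of which the terminal would act on if echoed unchanged.
    sample = b"Too many authentication failures\x1b[2J\xc2\x9b2J\x07 bye\r\n"
    print(display_server_message("disconnect", sample))
```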
9. Trademark Issues (draft-12) / 9. Intellectual Property (draft-13)

   draft-12:

   As of this writing, SSH Communications Security Oy claims ssh as its
   trademark. As with all IPR claims the IETF takes no position
   regarding the validity or scope of this trademark claim.

   draft-13:

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementers or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF has been notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document. For more information consult the online list of claimed
   rights.
10. Additional Information

   The current document editor is: Darren.Moffat@Sun.COM. Comments on
   this internet draft should be sent to the IETF SECSH working group,
   details at: http://ietf.org/html.charters/secsh-charter.html

References

   [FIPS-186]      Federal Information Processing Standards Publication,

skipping to change at page 13, line 29 (draft-12) / page 13, line 44 (draft-13)

                   Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2279]       Yergeau, F., "UTF-8, a transformation format of ISO
                   10646", RFC 2279, January 1998.

   [RFC2434]       Narten, T. and H. Alvestrand, "Guidelines for Writing
                   an IANA Considerations Section in RFCs", BCP 26, RFC
                   2434, October 1998.

   [SSH-ARCH]      Ylonen, T., "SSH Protocol Architecture", I-D
                   draft-12: draft-ietf-architecture-12.txt, July 2001.
                   draft-13: draft-ietf-architecture-13.txt, September 2002.

   [SSH-TRANS]     Ylonen, T., "SSH Transport Layer Protocol", I-D
                   draft-12: draft-ietf-transport-12.txt, July 2001.
                   draft-13: draft-ietf-transport-15.txt, September 2002.

   [SSH-USERAUTH]  Ylonen, T., "SSH Authentication Protocol", I-D
                   draft-12: draft-ietf-userauth-14.txt, July 2001.
                   draft-13: draft-ietf-userauth-16.txt, September 2002.

   [SSH-CONNECT]   Ylonen, T., "SSH Connection Protocol", I-D
                   draft-12: draft-ietf-connect-15.txt, July 2001.
                   draft-13: draft-ietf-connect-16.txt, September 2002.

Authors' Addresses

   Tatu Ylonen
   SSH Communications Security Corp
   Fredrikinkatu 42
   HELSINKI FIN-00100
   Finland

   EMail: ylo@ssh.com
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/