<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY rfc2629 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2629.xml">
<!ENTITY rfc4250 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4250.xml">
<!ENTITY rfc4251 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4251.xml">
<!ENTITY rfc4253 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4253.xml">
<!ENTITY rfc4255 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4255.xml">
<!ENTITY rfc6594 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6594.xml">
<!ENTITY rfc8391 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8391.xml">
<!ENTITY rfc8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml">

]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc strict="yes" ?>
<?rfc toc="no"?>
<?rfc tocdepth="4"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<rfc category="std"
     docName="draft-mu-curdle-ssh-xmss-00"
     updates="RFC4253"
     ipr="trust200902">
 <front>

   <title abbrev="XMSS for SSH">
     XMSS public key algorithms for the Secure Shell (SSH) protocol
   </title>
   <author initials="L." surname="Velvindron" fullname="Loganaden Velvindron">
   <organization> cyberstorm.mu</organization>
     <address>
       <postal>
	 <street>Avenue De Plevitz</street>
	 <city>Roches Brunes</city>
	 <country>Mauritius</country>
       </postal>
       <email>logan@cyberstorm.mu</email>
     </address>
   </author>
 
   <author initials="J." surname="Daniel" fullname="Jeremie Daniel">
   <organization> cyberstorm.mu</organization>
    <address>
       <postal>
	 <street>25C, Thompson Road</street>
	 <city>Vacoas</city>
	 <country>Mauritius</country>
       </postal>
       <email>jeremie@cyberstorm.mu</email>
     </address>
   </author>
   <date year="2019" />
   <workgroup>Internet Engineering Task Force</workgroup>
   <abstract>
     <t>
       This document describes the use of the eXtended Merkle Signature Scheme (XMSS),
       which is resistant to attacks by quantum computers, as a digital
       signature algorithm in the Secure Shell (SSH) protocol.
     </t>
   </abstract>
 </front>

 <middle>
   <section title="Introduction">
     <t>
       Secure Shell (SSH) <xref target="RFC4251"/> is a secure
       remote-login protocol. It provides for an extensible variety of
       public key algorithms for identifying servers and users to one
       another. XMSS <xref target="RFC8391"/> is a digital
       signature system. OpenSSH 7.7 <xref target="OpenSSH-7.7"/>
       introduced support for using XMSS for server and user
       authentication and was then followed by other SSH implementations. 
     </t>
     <t>
       This document describes the method implemented by OpenSSH and
       others, and formalizes its use of the name "ssh-xmss".
     </t>
     <t>
       [TO BE REMOVED: Please send comments on this draft to curdle@ietf.org.]
     </t>
   </section>

   <section title="Conventions Used in This Document">
     <t>
       The descriptions of key and signature formats use the notation
       introduced in <xref target="RFC4251">[RFC4251], Section
       3</xref> and the string data type from <xref
       target="RFC4251">[RFC4251], Section 5</xref>.
     </t>
     <section title="Requirements Language">
       <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
       "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
       document are to be interpreted as described in <xref
       target="RFC2119">RFC 2119</xref> <xref target="RFC8174">RFC 8174</xref> 
       when, and only when, they appear in all capitals, as shown here.</t>
     </section>
   </section>

   <section title="Public Key Algorithm">
     <t>
       This document describes a public key algorithm for use with SSH
       in accordance with <xref target="RFC4253">[RFC4253], Section
       6.6</xref>. The name of the algorithm is "ssh-xmss". This
       algorithm only supports signing and not encryption. 
     </t>

     <t>
       Standard implementations of SSH SHOULD implement this signature algorithm.
     </t>
   </section>

   <section title="Public Key Format">
     <figure>
       <preamble>
	 The "ssh-xmss" key format has the following encoding:
       </preamble>
       <artwork>
string    "ssh-xmss"
string    key
       </artwork>
     </figure>
       
     <t>
       Here 'key' is the 32-octet public key described by
       <xref target="RFC8391">[RFC8391], Section 4.1.7</xref>.
     </t>

    

   </section>

   <section title="Signature Algorithm">
     <t>
       Signatures are generated according to the procedure in
       <xref target="RFC8391">[RFC8391], Section 4.1.8 </xref>.
     </t>
   </section>

   <section title="Signature Format">
     <figure>
       <preamble>
	 The "ssh-xmss" signature format has the following encoding:
       </preamble>
       <artwork>
string    "ssh-xmss"
string    signature
       </artwork>
     </figure>
     <t>
       Here 'signature' is the 64-octet signature produced in
       accordance with <xref target="RFC8391">[RFC8391], Section
       4.1.9</xref>.
     </t>

   </section>

   <section title="Verification Algorithm">
     <t>
       XMSS signatures are verified according to the procedure in
       <xref target="RFC8391">[RFC8391], Section 4.1.10</xref>.
     </t>

   </section>

   <section title="SSHFP DNS resource records">
    <t>
The usage and generation of SSHFP DNS resource records are described in <xref target="RFC4255"></xref>.
This section illustrates the generation of SSHFP resource records for "ssh-xmss" keys, and
this document specifies the corresponding xmss code point in the
 "SSHFP RR Types for public key algorithms" IANA registry.
     </t>
     <t>
       The generation of SSHFP resource records for "ssh-xmss" keys
       is described as follows.
     </t>
<t>
The encoding of xmss public keys is described in <xref target="RFC8391"></xref>. In brief,
an xmss public key is a 57-octet value representing a 455-bit y-coordinate
of an elliptic curve point, and a sign bit indicating the corresponding
x-coordinate.
</t>
<t>
The SSHFP Resource Record for the xmss public key with a SHA-256 fingerprint
would, for example, be:
</t>
<figure>
<artwork>
example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
                              34d90ed316d2b818ca9580ea384d924
                              01 )
</artwork>
</figure>
<t>
The 2 here indicates SHA-256 <xref target="RFC6594"></xref>.
</t>
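<figure>
<preamble>
Added example, not part of this draft's text or of any SSH implementation: Python that builds the "ssh-xmss" public key blob from the Public Key Format section, checks its framing, and derives the SHA-256 SSHFP record described above. The helper names, the owner name and the constructed 32-octet sample key are assumptions; the algorithm number stays "TBD" as in this document.
</preamble>
<artwork><![CDATA[
```python
import hashlib
import struct

ALGO_NAME = b"ssh-xmss"   # algorithm name from this document
FP_TYPE_SHA256 = 2        # SSHFP fingerprint type for SHA-256 (RFC 6594)


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the octets."""
    return struct.pack(">I", len(data)) + data


def encode_public_key_blob(key: bytes) -> bytes:
    """string "ssh-xmss" followed by string key, as in Public Key Format."""
    return ssh_string(ALGO_NAME) + ssh_string(key)


def parse_public_key_blob(blob: bytes) -> bytes:
    """Return the key field; reject truncated, padded or mislabelled blobs."""
    fields, off = [], 0
    while off < len(blob):
        if len(blob) - off < 4:
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if n > len(blob) - off:
            raise ValueError("string runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    if len(fields) != 2 or fields[0] != ALGO_NAME:
        raise ValueError("not an ssh-xmss public key blob")
    return fields[1]


def sshfp_record(owner: str, blob: bytes, algorithm: str = "TBD") -> str:
    """Build the SSHFP RR text; the fingerprint covers the whole key blob."""
    parse_public_key_blob(blob)  # refuse to publish a malformed key
    digest = hashlib.sha256(blob).hexdigest()
    return f"{owner} IN SSHFP {algorithm} {FP_TYPE_SHA256} {digest}"


# Constructed 32-octet sample key (assumption for illustration, not a real key).
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    print(sshfp_record("example.com.", encode_public_key_blob(SAMPLE_KEY)))
```
]]></artwork>
</figure>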
   </section>

   <section title="IANA Considerations">
     <t>This document augments the Public Key Algorithm Names in <xref
     target="RFC4250">[RFC4250], Section 4.6.2</xref>.
     </t>
     <t>
       IANA is requested to add the following entry to the Public Key
       Algorithm Names registry <xref target="IANA-PKA"/>:
     </t>
     <texttable style="headers">
       <ttcol>Public Key Algorithm Name</ttcol><ttcol>Reference</ttcol>
       <c>ssh-xmss</c><c>This Draft</c>
     </texttable>
     <t>
IANA is requested to add the following entry to the "SSHFP RR Types for public
   key algorithms" registry <xref target="IANA-SSHFP"></xref>:
     </t>
     <texttable style="headers">
       <ttcol>Value</ttcol><ttcol>Description</ttcol><ttcol>Reference</ttcol>
       <c>TBD</c><c>xmss</c><c>[this-draft]</c>
     </texttable>

     
     <t>
We strongly suggest 5 as the value.
</t>
<t>
	[TO BE REMOVED: This registration should take place at the
	following location:
        &lt;http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19>]
      </t>
   </section>

   <section title="Security Considerations">
     <t>
       The security considerations in <xref target="RFC4251">
       [RFC4251], Section 9</xref> apply to all SSH
       implementations, including those using xmss.
     </t>

     <t>
       The security considerations in <xref target="RFC8391">
       [RFC8391], Section 8</xref>  apply to all uses of xmss
       including those in SSH.
     </t>
   </section>

   <section title="Acknowledgements">
     <t>
       The OpenSSH implementation of XMSS in SSH was written by Markus
       Friedl. We are also grateful to Daniel Migault for their comments.
     </t>
   </section>

 </middle>

<back>

   <references title="Normative References">
     &rfc2119;
     &rfc4250;
     &rfc4251;
     &rfc4253;
     &rfc4255;
     &rfc6594;
     &rfc8391;
     &rfc8174;
 
   </references>

   <references title="Informative References">

     <reference
         anchor="IANA-PKA"
	 target="http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19">
       <front>
	 <title>Secure Shell (SSH) Protocol Parameters:
	 Public Key Algorithm Names</title>
	 <author>
	   <organization>Internet Assigned Numbers Authority (IANA)
	   </organization>
	 </author>
	 <date month="May" year="2017"/>
       </front>
     </reference>

  <reference
         anchor="IANA-SSHFP"
	 target="https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml#dns-sshfp-rr-parameters-1">
       <front>
	 <title>DNS SSHFP Resource Record Parameters:
	 SSHFP RR Types for public key algorithms</title>
	 <author>
	   <organization>Internet Assigned Numbers Authority (IANA)
	   </organization>
	 </author>
	 <date month="May" year="2017"/>
       </front>
     </reference>


     <reference
	 anchor="OpenSSH-7.7"
	 target="http://www.openssh.com/txt/release-7.7">
       <front>
	 <title>OpenSSH 7.7 release notes</title>
	 <author surname="Friedl" initials="M." fullname="Markus Friedl"/>
	 <author surname="Provos" initials="N." fullname="Niels Provos"/>
	 <author surname="de Raadt" initials="T." fullname="Theo de Raadt"/>
	 <author surname="Steves" initials="K." fullname="Kevin Steves"/>
	 <author surname="Miller" initials="D." fullname="Damien Miller"/>
	 <author surname="Tucker" initials="D." fullname="Darren Tucker"/>
	 <author surname="Rice" initials="T." fullname="Tim Rice"/>
	 <author surname="Lindstrom" initials="B." fullname="Ben Lindstrom"/>
	 <date month="January" year="2018"/>
       </front>
     </reference>
  </references>

</back>
</rfc>
