2.6.15 Secure Shell (secsh)

NOTE: This charter is a snapshot of the 62nd IETF Meeting in Minneapolis, MN USA. It may now be out-of-date.

Last Modified: 2005-02-07


Bill Sommerfeld <sommerfeld@sun.com>

Security Area Director(s):

Russell Housley <housley@vigilsec.com>
Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:

Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:

General Discussion: ietf-ssh@netbsd.org
To Subscribe: majordomo@netbsd.org
In Body: subscribe ietf-ssh
Archive: ftp://ftp.ietf.org/ietf-mail-archive/secsh/

Description of Working Group:

The goal of the working group is to update and standardize the popular
SSH protocol. SSH provides support for secure remote login, secure file
transfer, and secure TCP/IP and X11 forwardings. It can automatically
encrypt, authenticate, and compress transmitted data.  The working
group will attempt to assure that the SSH protocol

o  provides strong security against cryptanalysis and protocol

o  can work reasonably well without a global key management or
    certificate infrastructure,

o  can utilize existing certificate infrastructures (e.g., DNSSEC,
    SPKI, X.509) when available,

o  can be made easy to deploy and take into use,

o  requires minimum or no manual interaction from users,

o  is reasonably clean and simple to implement.

The resulting protocol will operate over TCP/IP or other reliable but
insecure transport. It is intended to be implemented at the application

Goals and Milestones:

Done  Submit Internet-Draft on SSH-2.0 protocol
Done  Decide on Transport Layer protocol at Memphis IETF.
Done  Post revised core secsh drafts
Done  Submit core drafts to IESG for publication as proposed standard
Done  Post extensions drafts for review
Done  Start sending extensions drafts to Last Call
Apr 02  GSSAPI draft ready for last call
Apr 02  Publish draft on new crypto modes
May 02  Agent draft ready for last call
May 02  Publish draft on X.509v3/pkix support (or subsume into gssapi draft)
May 02  Publish draft on terminal server support
Dec 02  File transfer draft ready for last call


  • draft-ietf-secsh-transport-23.txt
  • draft-ietf-secsh-userauth-26.txt
  • draft-ietf-secsh-connect-24.txt
  • draft-ietf-secsh-architecture-21.txt
  • draft-ietf-secsh-auth-kbdinteract-06.txt
  • draft-ietf-secsh-filexfer-06.txt
  • draft-ietf-secsh-dh-group-exchange-04.txt
  • draft-ietf-secsh-assignednumbers-11.txt
  • draft-ietf-secsh-dns-05.txt

    No Request For Comments

    Current Meeting Report

    Minutes of the Secure Shell [secsh] meeting at the 62nd IETF.
    Thursday 10 March 2005, 1pm-1:20pm

    We met briefly to review the working group status and to allow a security AD to beat us up.

    [A lot has happened since the meeting, so I'm putting updates in square brackets so as to not confuse people]

    1) AD Commentary:

    Russ Housley is the shepherding AD for the core drafts.

    They have been before the IESG for 18 months, waiting for resolutions to various issues. Through the entire period, there was always one major blocking issue; exactly which one was blocking changed several times.

    It currently takes 9 IESG members to approve a document; these have been waiting so long (partly due to waiting for IESG members or the IPR WG's to act) that due to IESG turnover, only 8 original votes are left.

    Russ gave us 6 weeks to get them on the IESG agenda; if that deadline was not met, he will send the documents back to the WG requiring full AD review, IETF-wide last call, etc., because they've been paged out for so long. However, he permitted us to proceed assuming the IPR-WG's in-room consensus on trademark references will withstand review. That removes the last non-nit issue.

    2) WG Status:

    Document authors should note that the required draft boilerplate has just changed again. Update your tools, etc.,

    2.1) Core documents:

    At the time of the meeting the core drafts were waiting for a respin which was itself dependent on the resolution to the IPR-WG's conclusions about trademarks. The one technical change to the specification of note related to the use of UTF8 to encode usernames and password and its interaction with UTF8 normalization; the approach adopted is parallel to what other working groups (particularly SASL) have been pursuing in this area.

    [As of April 8th, the core drafts have been approved by the IESG and are now in the RFC Editor's queue. many thanks to all who helped this to happen.]

    2.2) Extension drafts:

    Before the IESG, with several open DISCUSS points.
    [draft author has promised to send in a revision when he gets back from vacation]

    [Resurrected and in WG last call with editorial comments only so far]

    Still active and continued slow work
    [Main issue seems to be one of complexity vs.]

    Several other drafts have expired and are in need of reissuance. [And have been. A few stragglers still haven't reappeared yet..] Hopefully the unblocking of the core drafts will permit forward progress.

    3) Milestones.

    Milestones badly in need of revision. Will be updated after discussion on the list.