Secure Shell (secsh)

NOTE: This charter is a snapshot of the . It may now be out-of-date.

Last Modified: 2005-09-08

Chair(s):

Bill Sommerfeld <sommerfeld@sun.com>

Security Area Director(s):

Russ Housley <housley@vigilsec.com>
Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:

Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:

General Discussion: ietf-ssh@netbsd.org
To Subscribe: majordomo@netbsd.org
In Body: subscribe ietf-ssh
Archive: ftp://ftp.ietf.org/ietf-mail-archive/secsh/

Description of Working Group:

The goal of the working group is to update and standardize the popular
SSH protocol. SSH provides support for secure remote login, secure file
transfer, and secure TCP/IP and X11 forwardings. It can automatically
encrypt, authenticate, and compress transmitted data.  The working
group will attempt to assure that the SSH protocol

o  provides strong security against cryptanalysis and protocol
    attacks,

o  can work reasonably well without a global key management or
    certificate infrastructure,

o  can utilize existing certificate infrastructures (e.g., DNSSEC,
    SPKI, X.509) when available,

o  can be made easy to deploy and take into use,

o  requires minimum or no manual interaction from users,

o  is reasonably clean and simple to implement.

The resulting protocol will operate over TCP/IP or other reliable but
insecure transport. It is intended to be implemented at the application
level.

Goals and Milestones:

Done  Submit Internet-Draft on SSH-2.0 protocol
Done  Decide on Transport Layer protocol at Memphis IETF.
Done  Post revised core secsh drafts
Done  Submit core drafts to IESG for publication as proposed standard
Done  Post extensions drafts for review
Done  Start sending extensions drafts to Last Call
Done  Publish draft on new crypto modes
Done  GSSAPI draft ready for last call
Done  Publish draft on X.509v3/pkix support (or subsume into gssapi draft)
Done  Publish draft on terminal server support
Done  IESG approval of core drafts
Aug 2005  Public key subsystem ready for last call
Done  Publickeyfile ready for last call as Informational
Sep 2005  URI draft ready for last call
Oct 2005  File transfer draft ready for last call
Oct 2005  X.509v3/pkix draft ready for last call
Nov 2005  Investigate Draft Standard status for secure shell

Internet-Drafts:

  • draft-ietf-secsh-filexfer-12.txt
  • draft-ietf-secsh-gsskeyex-10.txt
  • draft-ietf-secsh-publickeyfile-12.txt
  • draft-ietf-secsh-dh-group-exchange-05.txt
  • draft-ietf-secsh-scp-sftp-ssh-uri-04.txt
  • draft-ietf-secsh-publickey-subsystem-05.txt
  • draft-ietf-secsh-x509-03.txt
  • draft-ietf-secsh-filexfer-extensions-00.txt

Request For Comments:

RFC      Status    Title
RFC4250  Standard  The Secure Shell (SSH) Protocol Assigned Numbers
RFC4251  Standard  The Secure Shell (SSH) Protocol Architecture
RFC4252  Standard  The Secure Shell (SSH) Authentication Protocol
RFC4253  Standard  The Secure Shell (SSH) Transport Layer Protocol
RFC4254  Standard  The Secure Shell (SSH) Connection Protocol
RFC4255  Standard  Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
RFC4256  Standard  Generic Message Exchange Authentication For The Secure Shell Protocol (SSH)
RFC4335  Standard  Secure Shell (SSH) Session Channel Break Extension
RFC4344  Standard  The Secure Shell (SSH) Transport Layer Encryption Modes