idnits 2.17.1 draft-ietf-curdle-ssh-ed25519-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 81 has weird spacing: '... string key...' == Line 96 has weird spacing: '... string sig...' -- The document date (May 3, 2016) is 2915 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFCXXXX' is mentioned on line 118, but not defined == Outdated reference: A later version (-08) exists of draft-irtf-cfrg-eddsa-05 Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group B. Harris 3 Internet-Draft May 3, 2016 4 Intended status: Informational 5 Expires: November 4, 2016 7 Ed25519 public key algorithm for the Secure Shell (SSH) protocol 8 draft-ietf-curdle-ssh-ed25519-00 10 Abstract 12 This document describes the use of the Ed25519 digital signature 13 algorithm in the Secure Shell (SSH) protocol. 15 Status of This Memo 17 This Internet-Draft is submitted in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF). Note that other groups may also distribute 22 working documents as Internet-Drafts. The list of current Internet- 23 Drafts is at http://datatracker.ietf.org/drafts/current/. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 This Internet-Draft will expire on November 4, 2016. 32 Copyright Notice 34 Copyright (c) 2016 IETF Trust and the persons identified as the 35 document authors. All rights reserved. 37 This document is subject to BCP 78 and the IETF Trust's Legal 38 Provisions Relating to IETF Documents 39 (http://trustee.ietf.org/license-info) in effect on the date of 40 publication of this document. Please review these documents 41 carefully, as they describe your rights and restrictions with respect 42 to this document. Code Components extracted from this document must 43 include Simplified BSD License text as described in Section 4.e of 44 the Trust Legal Provisions and are provided without warranty as 45 described in the Simplified BSD License. 47 1. Introduction 49 Secure Shell (SSH) [RFC4251] is a secure remote-login protocol. It 50 provides for an extensible variety of public key algorithms for 51 identifying servers and users to one another. Ed25519 52 [I-D.irtf-cfrg-eddsa] is a digital signature system. OpenSSH 6.5 53 [OpenSSH-6.5] introduced support for using Ed25519 for server and 54 user authentication. Compatible support for Ed25519 has since been 55 added to other SSH implementations. 57 This document describes the method implemented by OpenSSH and others, 58 and formalizes its use of the name "ssh-ed25519". 60 Comments on this draft are welcomed and should be sent to the Curdle 61 Working Group mailing list. 63 2. Conventions Used in This Document 65 The descriptions of key and signature formats use the notation 66 introduced in [RFC4251], Section 3 and the string data type from 67 [RFC4251], Section 5. 69 3. Public Key Algorithm 71 This document describes a public key algorithm for use with SSH in 72 accordance with [RFC4253], Section 6.6. The name of the algorithm is 73 "ssh-ed25519". This algorithm only supports signing and not 74 encryption. 76 4. Public Key Format 78 The "ssh-ed25519" key format has the following encoding: 80 string "ssh-ed25519" 81 string key 83 Here 'key' is the 32-octet public key described by 84 [I-D.irtf-cfrg-eddsa], Section 5.1.5. 86 5. Signature Algorithm 88 Signatures are generated according to the procedure in 89 [I-D.irtf-cfrg-eddsa], Section 5.1.6. 91 6. Signature format 93 The corresponding signature format is: 95 string "ssh-ed25519" 96 string signature 98 Here 'signature' is the 64-octet signature produced in accordance 99 with [I-D.irtf-cfrg-eddsa], Section 5.1.6. 101 7. Verification Algorithm 103 Signatures are verified according to the procedure in 104 [I-D.irtf-cfrg-eddsa], Section 5.1.7. 106 8. SSHFP DNS resource records 108 The generation of SSHFP resource records for "ssh-ed25519" keys is 109 described in [RFC7479]. 111 9. IANA Considerations 113 IANA is requested to assign the Public Key Algorithm name 114 "ssh-ed25519" in accordance with [RFC4250], Section 4.6.2: 116 Public Key Algorithm Name Reference 117 ------------------------- --------- 118 ssh-ed25519 [RFCXXXX] 120 [TO BE REMOVED: This registration should take place at the following 121 location: ] 124 10. Security Considerations 126 The security considerations in [RFC4251], Section 9 apply to all SSH 127 implementations, including those using Ed25519. 129 The security considerations in [I-D.irtf-cfrg-eddsa], Section 10 130 apply to all uses of Ed25519, including those in SSH. 132 11. Acknowledgements 134 The OpenSSH implementation of Ed25519 in SSH was written by Markus 135 Friedl. 137 12. References 139 12.1. Normative References 141 [RFC4250] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) 142 Protocol Assigned Numbers", RFC 4250, 143 DOI 10.17487/RFC4250, January 2006, 144 . 146 [RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) 147 Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251, 148 January 2006, . 150 [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) 151 Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253, 152 January 2006, . 154 [I-D.irtf-cfrg-eddsa] 155 Josefsson, S. and I. Liusvaara, "Edwards-curve Digital 156 Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-05 157 (work in progress), March 2016. 159 12.2. Informative References 161 [RFC7479] Moonesamy, S., "Using Ed25519 in SSHFP Resource Records", 162 RFC 7479, DOI 10.17487/RFC7479, March 2015, 163 . 165 [OpenSSH-6.5] 166 Friedl, M., Provos, N., de Raadt, T., Steves, K., Miller, 167 D., Tucker, D., McIntyre, J., Rice, T., and B. Lindstrom, 168 "[OpenSSH 6.5 release notes]", January 2014, 169 . 171 Author's Address 173 Ben Harris 174 2A Eachard Road 175 CAMBRIDGE CB3 0HY 176 UNITED KINGDOM 178 Email: bjh21@bjh21.me.uk