idnits 2.17.1 draft-ietf-secsh-assignednumbers-03.txt:

Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------

** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748.

Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------

== No 'Intended status' indicated for this document; assuming Proposed Standard

== It seems as if not all pages are separated by form feeds - found 0 form feeds but 10 pages

Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------

** The document seems to lack an Introduction section.

** The document seems to lack a Security Considerations section.

** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.)

** There are 3 instances of too long lines in the document, the longest one being 8 characters in excess of 72.

** The abstract seems to contain references ([SSH-USERAUTH], [SSH-CONNECT], [SSH-TRANS], [SSH-ARCH]), which it shouldn't. Please replace those with straight textual mentions of the documents in question.

** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords.

   RFC 2119 keyword, line 165: '... MUST be printable US-ASCII strings,...'
   RFC 2119 keyword, line 168: '... MUST NOT be longer than 64 characte...'
   RFC 2119 keyword, line 186: '... MUST be printable US-ASCII strings,...'
   RFC 2119 keyword, line 189: '... MUST NOT be longer than 64 characte...'
   RFC 2119 keyword, line 204: '...t and type names MUST be printable US-...'
   (8 more instances...)
Miscellaneous warnings:
----------------------------------------------------------------------------

== The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year

-- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.)

-- The document date (August 14, 2003) is 7555 days in the past. Is this intentional?

Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------

(See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs)

-- Missing reference section? 'SSH-ARCH' on line 318 looks like a reference
-- Missing reference section? 'SSH-TRANS' on line 321 looks like a reference
-- Missing reference section? 'SSH-USERAUTH' on line 324 looks like a reference
-- Missing reference section? 'SSH-CONNECT' on line 327 looks like a reference
-- Missing reference section? 'Section 4' on line 197 looks like a reference
-- Missing reference section? 'Section 5' on line 198 looks like a reference
-- Missing reference section? 'Section 6' on line 199 looks like a reference
-- Missing reference section? 'FIPS-46-3' on line 334 looks like a reference
-- Missing reference section? 'FIPS 46-3' on line 291 looks like a reference
-- Missing reference section? 'SSH-NUMBERS' on line 330 looks like a reference

Summary: 7 errors (**), 0 flaws (~~), 3 warnings (==), 12 comments (--).

Run idnits with the --verbose option for more detailed information about the items above.
--------------------------------------------------------------------------------

Network Working Group                                        S. Lehtinen
Internet-Draft                          SSH Communications Security Corp
Expires: February 12, 2004                                     D. Moffat
                                                        Sun Microsystems
                                                         August 14, 2003

                     SSH Protocol Assigned Numbers
                 draft-ietf-secsh-assignednumbers-03.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on February 12, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document defines the initial state of the IANA assigned numbers
   for the SSH protocol as defined in [SSH-ARCH], [SSH-TRANS],
   [SSH-CONNECT], [SSH-USERAUTH].  Except for one HISTORIC algorithm
   generally regarded as obsolete, this document does not define any new
   protocols or any number ranges not already defined in the above
   referenced documents.  It is intended only for initialization of the
   IANA databases referenced in those documents.

Table of Contents

   1.     Message Numbers
   1.1    Disconnect Codes
   2.     Service Names
   2.1    Authentication Method Names
   2.2    Connection Protocol Assigned Names
   2.2.1  Connection Protocol Channel Types
   2.2.2  Connection Protocol Global Request Names
   2.2.3  Connection Protocol Channel Request Names
   3.     Key Exchange Method Names
   4.     Assigned Algorithm Names
   4.1    Encryption Algorithm Names
   4.2    MAC Algorithm Names
   4.3    Public Key Algorithm Names
          References
          Authors' Addresses
          Full Copyright Statement

1.  Message Numbers

   The Message Number is an 8-bit value, which describes the payload of
   a packet.

   Protocol packets have message numbers in the range 1 to 255.  These
   numbers have been allocated as follows in [SSH-ARCH]:

   Transport layer protocol:

      1 to 19     Transport layer generic (e.g. disconnect, ignore,
                  debug, etc.)
      20 to 29    Algorithm negotiation
      30 to 49    Key exchange method specific (numbers can be reused
                  for different key exchange methods)

   User authentication protocol:

      50 to 59    User authentication generic
      60 to 79    User authentication method specific (numbers can be
                  reused for different authentication methods)

   Connection protocol:

      80 to 89    Connection protocol generic
      90 to 127   Channel related messages

   Reserved for client protocols:

      128 to 191  Reserved

   Local extensions:

      192 to 255  Local extensions

   Requests for assignments of new message numbers must be accompanied
   by an RFC which describes the new packet type.  If the RFC is not on
   the standards-track (i.e. it is an informational or experimental
   RFC), it must be explicitly reviewed and approved by the IESG before
   the RFC is published and the message number is assigned.

   Message ID                           Value    Reference
   -----------                          -----    ---------
   SSH_MSG_DISCONNECT                   1        [SSH-TRANS]
   SSH_MSG_IGNORE                       2        [SSH-TRANS]
   SSH_MSG_UNIMPLEMENTED                3        [SSH-TRANS]
   SSH_MSG_DEBUG                        4        [SSH-TRANS]
   SSH_MSG_SERVICE_REQUEST              5        [SSH-TRANS]
   SSH_MSG_SERVICE_ACCEPT               6        [SSH-TRANS]
   SSH_MSG_KEXINIT                      20       [SSH-TRANS]
   SSH_MSG_NEWKEYS                      21       [SSH-TRANS]
   SSH_MSG_KEXDH_INIT                   30       [SSH-TRANS]
   SSH_MSG_KEXDH_REPLY                  31       [SSH-TRANS]
   SSH_MSG_USERAUTH_REQUEST             50       [SSH-USERAUTH]
   SSH_MSG_USERAUTH_FAILURE             51       [SSH-USERAUTH]
   SSH_MSG_USERAUTH_SUCCESS             52       [SSH-USERAUTH]
   SSH_MSG_USERAUTH_BANNER              53       [SSH-USERAUTH]
   SSH_MSG_USERAUTH_PK_OK               60       [SSH-USERAUTH]
   SSH_MSG_GLOBAL_REQUEST               80       [SSH-CONNECT]
   SSH_MSG_REQUEST_SUCCESS              81       [SSH-CONNECT]
   SSH_MSG_REQUEST_FAILURE              82       [SSH-CONNECT]
   SSH_MSG_CHANNEL_OPEN                 90       [SSH-CONNECT]
   SSH_MSG_CHANNEL_OPEN_CONFIRMATION    91       [SSH-CONNECT]
   SSH_MSG_CHANNEL_OPEN_FAILURE         92       [SSH-CONNECT]
   SSH_MSG_CHANNEL_WINDOW_ADJUST        93       [SSH-CONNECT]
   SSH_MSG_CHANNEL_DATA                 94       [SSH-CONNECT]
   SSH_MSG_CHANNEL_EXTENDED_DATA        95       [SSH-CONNECT]
   SSH_MSG_CHANNEL_EOF                  96       [SSH-CONNECT]
   SSH_MSG_CHANNEL_CLOSE                97       [SSH-CONNECT]
   SSH_MSG_CHANNEL_REQUEST              98       [SSH-CONNECT]
   SSH_MSG_CHANNEL_SUCCESS              99       [SSH-CONNECT]
   SSH_MSG_CHANNEL_FAILURE              100      [SSH-CONNECT]

1.1  Disconnect Codes

   The Disconnect code is a 32-bit (uint32) value carried in the
   SSH_MSG_DISCONNECT message, which describes the disconnect reason.
   Requests for assignments of new disconnect codes must be accompanied
   by an RFC which describes the new disconnect reason code.
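   The message-number allocation of Section 1 and the disconnect reason
   codes of Section 1.1, exercised in working code.  This is an added
   example, not part of the draft: it classifies a message number by the
   Section 1 ranges and encodes/decodes an SSH_MSG_DISCONNECT payload.
   The wire layout of that message (byte, uint32 reason code, string
   description, string language tag) is taken from SSH-TRANS, not from
   this page; the sample packet is constructed, not captured.

```python
"""SSH message-number ranges (Section 1) and SSH_MSG_DISCONNECT decoding
(Section 1.1).  Added example; the SSH_MSG_DISCONNECT wire layout is
taken from SSH-TRANS."""
import struct

# Message-number allocation from Section 1 (inclusive ranges).
MESSAGE_RANGES = (
    (1, 19, "transport layer generic"),
    (20, 29, "algorithm negotiation"),
    (30, 49, "key exchange method specific"),
    (50, 59, "user authentication generic"),
    (60, 79, "user authentication method specific"),
    (80, 89, "connection protocol generic"),
    (90, 127, "channel related"),
    (128, 191, "reserved for client protocols"),
    (192, 255, "local extensions"),
)

# Disconnect reason codes from Section 1.1.
DISCONNECT_CODES = {
    1: "SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT",
    2: "SSH_DISCONNECT_PROTOCOL_ERROR",
    3: "SSH_DISCONNECT_KEY_EXCHANGE_FAILED",
    4: "SSH_DISCONNECT_RESERVED",
    5: "SSH_DISCONNECT_MAC_ERROR",
    6: "SSH_DISCONNECT_COMPRESSION_ERROR",
    7: "SSH_DISCONNECT_SERVICE_NOT_AVAILABLE",
    8: "SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED",
    9: "SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE",
    10: "SSH_DISCONNECT_CONNECTION_LOST",
    11: "SSH_DISCONNECT_BY_APPLICATION",
    12: "SSH_DISCONNECT_TOO_MANY_CONNECTIONS",
    13: "SSH_DISCONNECT_AUTH_CANCELLED_BY_USER",
    14: "SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE",
    15: "SSH_DISCONNECT_ILLEGAL_USER_NAME",
}

SSH_MSG_DISCONNECT = 1


def classify_message_number(msg_id: int) -> str:
    """Return which Section 1 range a message number falls in."""
    if not 1 <= msg_id <= 255:
        raise ValueError(f"message number {msg_id} outside 1..255")
    for lo, hi, desc in MESSAGE_RANGES:
        if lo <= msg_id <= hi:
            return desc
    raise AssertionError("MESSAGE_RANGES covers 1..255")


def _read_string(buf: bytes, offset: int):
    """Read one SSH 'string' (uint32 length + bytes); the length is
    checked against the buffer before any slice is taken."""
    if offset + 4 > len(buf):
        raise ValueError("truncated string length")
    (n,) = struct.unpack(">I", buf[offset:offset + 4])
    offset += 4
    if n > len(buf) - offset:
        raise ValueError("string length exceeds payload")
    return buf[offset:offset + n], offset + n


def encode_disconnect(reason_code: int, description: str,
                      language: str = "") -> bytes:
    """Build an SSH_MSG_DISCONNECT payload: byte, uint32, string, string."""
    desc = description.encode("utf-8")
    lang = language.encode("ascii")
    return (bytes([SSH_MSG_DISCONNECT]) + struct.pack(">I", reason_code)
            + struct.pack(">I", len(desc)) + desc
            + struct.pack(">I", len(lang)) + lang)


def decode_disconnect(payload: bytes) -> dict:
    """Decode an SSH_MSG_DISCONNECT payload with every length checked."""
    if len(payload) < 5 or payload[0] != SSH_MSG_DISCONNECT:
        raise ValueError("not an SSH_MSG_DISCONNECT payload")
    (reason,) = struct.unpack(">I", payload[1:5])
    desc, offset = _read_string(payload, 5)
    lang, offset = _read_string(payload, offset)
    if offset != len(payload):
        raise ValueError("trailing bytes after SSH_MSG_DISCONNECT")
    # The description is peer-controlled: drop control characters before
    # it reaches a log file or a terminal.
    text = "".join(c for c in desc.decode("utf-8", errors="replace")
                   if ord(c) >= 32 and ord(c) != 127)
    return {
        "reason_code": reason,
        "reason": DISCONNECT_CODES.get(reason, "unassigned"),
        "description": text,
        "language": lang.decode("ascii", errors="replace"),
    }


if __name__ == "__main__":
    # Constructed sample, not a captured packet.
    sample = encode_disconnect(2, "bad packet length", "en")
    print(classify_message_number(sample[0]), decode_disconnect(sample))
```

   Unassigned reason codes are reported as "unassigned" rather than
   rejected, since a peer may legitimately send a code registered after
   this table was written; what must never be trusted is the length
   field of either string.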
   Disconnect code                                  Value    Reference
   ----------------                                 -----    ---------
   SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT       1        [SSH-TRANS]
   SSH_DISCONNECT_PROTOCOL_ERROR                    2        [SSH-TRANS]
   SSH_DISCONNECT_KEY_EXCHANGE_FAILED               3        [SSH-TRANS]
   SSH_DISCONNECT_RESERVED                          4        [SSH-TRANS]
   SSH_DISCONNECT_MAC_ERROR                         5        [SSH-TRANS]
   SSH_DISCONNECT_COMPRESSION_ERROR                 6        [SSH-TRANS]
   SSH_DISCONNECT_SERVICE_NOT_AVAILABLE             7        [SSH-TRANS]
   SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED    8        [SSH-TRANS]
   SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE           9        [SSH-TRANS]
   SSH_DISCONNECT_CONNECTION_LOST                   10       [SSH-TRANS]
   SSH_DISCONNECT_BY_APPLICATION                    11       [SSH-TRANS]
   SSH_DISCONNECT_TOO_MANY_CONNECTIONS              12       [SSH-TRANS]
   SSH_DISCONNECT_AUTH_CANCELLED_BY_USER            13       [SSH-TRANS]
   SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE    14       [SSH-TRANS]
   SSH_DISCONNECT_ILLEGAL_USER_NAME                 15       [SSH-TRANS]

2.  Service Names

   The Service Name is used to describe a protocol layer.  These names
   MUST be printable US-ASCII strings, and MUST NOT contain the
   characters at-sign ('@'), comma (','), or whitespace or control
   characters (ASCII codes 32 or less).  Names are case-sensitive, and
   MUST NOT be longer than 64 characters.

   Requests for assignments of new service names must be accompanied by
   an RFC which describes the interpretation for the service name.  If
   the RFC is not on the standards-track (i.e. it is an informational
   or experimental RFC), it must be explicitly reviewed and approved by
   the IESG before the RFC is published and the service name is
   assigned.

   Service name        Reference
   -------------       ---------
   ssh-userauth        [SSH-USERAUTH]
   ssh-connection      [SSH-CONNECT]

2.1  Authentication Method Names

   The Authentication Method Name is used to describe an authentication
   method for the "ssh-userauth" service [SSH-USERAUTH].  These names
   MUST be printable US-ASCII strings, and MUST NOT contain the
   characters at-sign ('@'), comma (','), or whitespace or control
   characters (ASCII codes 32 or less).  Names are case-sensitive, and
   MUST NOT be longer than 64 characters.

   Requests for assignments of new authentication method names must be
   accompanied by an RFC which describes the interpretation for the
   authentication method.

   Method name        Reference
   ------------       ---------
   publickey          [SSH-USERAUTH, Section 4]
   password           [SSH-USERAUTH, Section 5]
   hostbased          [SSH-USERAUTH, Section 6]
   none               [SSH-USERAUTH, Section 2.3]

2.2  Connection Protocol Assigned Names

   The following request and type names MUST be printable US-ASCII
   strings, and MUST NOT contain the characters at-sign ('@'), comma
   (','), or whitespace or control characters (ASCII codes 32 or less).
   Names are case-sensitive, and MUST NOT be longer than 64 characters.

   Requests for assignments of new assigned names must be accompanied by
   an RFC which describes the interpretation for the type or request.
2.2.1  Connection Protocol Channel Types

   Channel type         Reference
   ------------         ---------
   session              [SSH-CONNECT, Section 4.1]
   x11                  [SSH-CONNECT, Section 4.3.2]
   forwarded-tcpip      [SSH-CONNECT, Section 5.2]
   direct-tcpip         [SSH-CONNECT, Section 5.2]

2.2.2  Connection Protocol Global Request Names

   Request type          Reference
   ------------          ---------
   tcpip-forward         [SSH-CONNECT, Section 5.1]
   cancel-tcpip-forward  [SSH-CONNECT, Section 5.1]

2.2.3  Connection Protocol Channel Request Names

   Request type         Reference
   ------------         ---------
   pty-req              [SSH-CONNECT, Section 4.2]
   x11-req              [SSH-CONNECT, Section 4.3.1]
   env                  [SSH-CONNECT, Section 4.4]
   shell                [SSH-CONNECT, Section 4.5]
   exec                 [SSH-CONNECT, Section 4.5]
   subsystem            [SSH-CONNECT, Section 4.5]
   window-change        [SSH-CONNECT, Section 4.7]
   xon-xoff             [SSH-CONNECT, Section 4.8]
   signal               [SSH-CONNECT, Section 4.9]
   exit-status          [SSH-CONNECT, Section 4.10]
   exit-signal          [SSH-CONNECT, Section 4.10]

3.  Key Exchange Method Names

   The Key Exchange Method Name describes a key-exchange method for the
   protocol [SSH-TRANS].  The names MUST be printable US-ASCII strings,
   and MUST NOT contain the characters at-sign ('@'), comma (','), or
   whitespace or control characters (ASCII codes 32 or less).  Names are
   case-sensitive, and MUST NOT be longer than 64 characters.

   Requests for assignment of new key-exchange method names must be
   accompanied by a reference to a standards-track or Informational RFC
   which describes this method.

   Method name                   Reference
   ------------                  ---------
   diffie-hellman-group1-sha1    [SSH-TRANS, Section 4.5]

4.  Assigned Algorithm Names

   The following identifiers (names) MUST be printable US-ASCII strings,
   and MUST NOT contain the characters at-sign ('@'), comma (','), or
   whitespace or control characters (ASCII codes 32 or less).  Names are
   case-sensitive, and MUST NOT be longer than 64 characters.
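   The name syntax rule repeated in Sections 2, 2.1, 2.2, 3 and 4 above
   (printable US-ASCII, no '@', no ',', no whitespace or control
   characters, case-sensitive, at most 64 characters), applied to names
   as they arrive on the wire.  This is an added example, not part of
   the draft: it validates a name against that rule and decodes the SSH
   "name-list" type in which SSH_MSG_KEXINIT carries such names.  Two
   things in it come from other documents rather than this page and are
   assumptions here: the name-list wire format (uint32 length followed
   by comma-separated names) and the locally defined "name@domain" form,
   both from SSH-ARCH, which is why '@' is excluded from assigned names;
   and the first-match negotiation rule from SSH-TRANS.  The KEXINIT
   fragment and the name "foo@example.com" are constructed.

```python
"""Syntax checks for SSH assigned names (Sections 2 through 4) and
decoding of the SSH 'name-list' type that carries them in SSH_MSG_KEXINIT.
Added example; the name-list type and the 'name@domain' form are taken
from SSH-ARCH, the negotiation rule from SSH-TRANS."""
import struct

MAX_NAME_LEN = 64


def validate_name(name: str, allow_local: bool = False) -> str:
    """Apply the rule from Sections 2 through 4: printable US-ASCII, no
    comma, no whitespace or control characters (codes 32 or less), no
    at-sign, at most 64 characters.  Names are case-sensitive, so nothing
    is folded.  With allow_local=True a single interior '@' is accepted
    for the locally defined 'name@domain' form (assumed from SSH-ARCH)."""
    if not name:
        raise ValueError("empty name")
    if len(name) > MAX_NAME_LEN:
        raise ValueError(f"name longer than {MAX_NAME_LEN} characters")
    for ch in name:
        code = ord(ch)
        if code <= 32 or code >= 127:
            raise ValueError(f"non-printable or non-ASCII {code:#04x} in {name!r}")
        if ch == ",":
            raise ValueError(f"comma in name {name!r}")
    if "@" in name:
        if not allow_local:
            raise ValueError(f"'@' not allowed in an assigned name: {name!r}")
        head, _, domain = name.partition("@")
        if not head or not domain or "@" in domain:
            raise ValueError(f"malformed local name: {name!r}")
    return name


def decode_name_list(buf: bytes, offset: int = 0, allow_local: bool = True):
    """Decode one name-list (uint32 length, then comma-separated names)
    at `offset`; return (names, offset after the list).  An empty body is
    the empty list; 'a,,b', embedded spaces and non-ASCII are rejected."""
    if offset + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack(">I", buf[offset:offset + 4])
    offset += 4
    if n > len(buf) - offset:
        raise ValueError("name-list length exceeds buffer")
    body = buf[offset:offset + n]
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("name-list is not US-ASCII") from None
    if text == "":
        return [], offset + n
    return [validate_name(x, allow_local) for x in text.split(",")], offset + n


def encode_name_list(names) -> bytes:
    """Encode a name-list, validating each name first."""
    body = ",".join(validate_name(x, True) for x in names).encode("ascii")
    return struct.pack(">I", len(body)) + body


def negotiate(client: list, server: list) -> "str | None":
    """First algorithm in the client's preference list that the server
    also offers (the SSH-TRANS rule); None when there is none in common."""
    offered = set(server)
    for name in client:
        if name in offered:
            return name
    return None


if __name__ == "__main__":
    # Constructed KEXINIT fragment: two consecutive name-lists (kex
    # algorithms, then host key algorithms), not a captured packet.
    frag = (encode_name_list(["diffie-hellman-group1-sha1"])
            + encode_name_list(["ssh-rsa", "ssh-dss"]))
    kex, off = decode_name_list(frag)
    hostkeys, off = decode_name_list(frag, off)
    print(kex, hostkeys, off == len(frag))
    print(negotiate(["aes256-cbc", "3des-cbc"], ["3des-cbc", "aes256-cbc"]))
```

   The decoder validates each name as it is split out, so a peer cannot
   smuggle whitespace, control characters or an over-long name into a
   later comparison or log line; the length prefix is checked against
   the remaining buffer before any slice is taken.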
   Requests for assignment of new algorithm names must be accompanied by
   a reference to a standards-track or Informational RFC or a reference
   to published cryptographic literature which describes the algorithm.

4.1  Encryption Algorithm Names

   Cipher name       Reference
   ------------      ---------
   3des-cbc          [SSH-TRANS, Section 4.3]
   blowfish-cbc      [SSH-TRANS, Section 4.3]
   twofish256-cbc    [SSH-TRANS, Section 4.3]
   twofish-cbc       [SSH-TRANS, Section 4.3]
   twofish192-cbc    [SSH-TRANS, Section 4.3]
   twofish128-cbc    [SSH-TRANS, Section 4.3]
   aes256-cbc        [SSH-TRANS, Section 4.3]
   aes192-cbc        [SSH-TRANS, Section 4.3]
   aes128-cbc        [SSH-TRANS, Section 4.3]
   serpent256-cbc    [SSH-TRANS, Section 4.3]
   serpent192-cbc    [SSH-TRANS, Section 4.3]
   serpent128-cbc    [SSH-TRANS, Section 4.3]
   arcfour           [SSH-TRANS, Section 4.3]
   idea-cbc          [SSH-TRANS, Section 4.3]
   cast128-cbc       [SSH-TRANS, Section 4.3]
   none              [SSH-TRANS, Section 4.3]
   des-cbc           [FIPS-46-3]  HISTORIC; see page 4 of [FIPS-46-3]

4.2  MAC Algorithm Names

   MAC name          Reference
   ---------         ---------
   hmac-sha1         [SSH-TRANS, Section 4.4]
   hmac-sha1-96      [SSH-TRANS, Section 4.4]
   hmac-md5          [SSH-TRANS, Section 4.4]
   hmac-md5-96       [SSH-TRANS, Section 4.4]
   none              [SSH-TRANS, Section 4.4]

4.3  Public Key Algorithm Names

   Algorithm name    Reference
   ---------------   ---------
   ssh-dss           [SSH-TRANS, Section 4.6]
   ssh-rsa           [SSH-TRANS, Section 4.6]
   x509v3-sign-rsa   [SSH-TRANS, Section 4.6]
   x509v3-sign-dss   [SSH-TRANS, Section 4.6]
   spki-sign-rsa     [SSH-TRANS, Section 4.6]
   spki-sign-dss     [SSH-TRANS, Section 4.6]
   pgp-sign-rsa      [SSH-TRANS, Section 4.6]
   pgp-sign-dss      [SSH-TRANS, Section 4.6]

References

   [SSH-ARCH]      Ylonen, T., "SSH Protocol Architecture", I-D
                   draft-ietf-secsh-architecture-14.txt, July 2003.

   [SSH-TRANS]     Ylonen, T., "SSH Transport Layer Protocol", I-D
                   draft-ietf-secsh-transport-16.txt, July 2003.
   [SSH-USERAUTH]  Ylonen, T., "SSH Authentication Protocol", I-D
                   draft-ietf-secsh-userauth-17.txt, July 2003.

   [SSH-CONNECT]   Ylonen, T., "SSH Connection Protocol", I-D
                   draft-ietf-secsh-connect-17.txt, July 2003.

   [SSH-NUMBERS]   Lehtinen, S. and D. Moffat, "SSH Protocol Assigned
                   Numbers", I-D draft-ietf-secsh-assignednumbers-03.txt,
                   July 2003.

   [FIPS-46-3]     U.S. Dept. of Commerce, "FIPS PUB 46-3, Data
                   Encryption Standard (DES)", October 1999.

Authors' Addresses

   Sami Lehtinen
   SSH Communications Security Corp
   Fredrikinkatu 42
   HELSINKI FIN-00100
   Finland

   EMail: sjl@ssh.com

   Darren J Moffat
   Sun Microsystems
   901 San Antonio Road
   Palo Alto 94303
   USA

   EMail: Darren.Moffat@Sun.COM

Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

--
Darren J Moffat