Network Working Group                                        S. Lehtinen
Internet-Draft                          SSH Communications Security Corp
Expires: December 1, 2004                                C. Lonvick, Ed.
                                                     Cisco Systems, Inc.
                                                            June 2, 2004

                      SSH Protocol Assigned Numbers
                  draft-ietf-secsh-assignednumbers-06.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 1, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document defines the initial state of the IANA assigned numbers
   for the SSH protocol.  It is intended only for initialization of the
   IANA databases referenced in those documents.

Table of Contents

   1.  Editor's Note
   2.  Introduction
   3.  Conventions Used in This Document
   4.  IANA Considerations
       4.1  Message Numbers
            4.1.1  Disconnect Codes
       4.2  Service Names
            4.2.1  Authentication Method Names
            4.2.2  Connection Protocol Assigned Names
       4.3  Key Exchange Method Names
       4.4  Assigned Algorithm Names
            4.4.1  Encryption Algorithm Names
            4.4.2  MAC Algorithm Names
            4.4.3  Public Key Algorithm Names
            4.4.4  Compression Algorithm Names
   5.  Intellectual Property
   6.  References
       6.1  Normative References
       6.2  Informative References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Editor's Note

   The references in this document are statically defined.  However, the
   locations of the referenced materials are dynamic and are changing
   with the whims of the Working Group.  Please do not comment to the
   editor or the Working Group about inaccuracies along those lines in
   this document at this time.  (This paragraph will be removed before
   this document is submitted to the RFC Editor.)

2.  Introduction

   This document does not define any new protocols.  It is intended only
   to create the initial state of the IANA databases for the SSH
   protocol.  Except for one HISTORIC algorithm generally regarded as
   obsolete, this document does not define any new protocols or any
   number ranges not already defined in: [SSH-ARCH], [SSH-TRANS],
   [SSH-USERAUTH], [SSH-CONNECT].

3.  Conventions Used in This Document

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
   and "MAY" that appear in this document are to be interpreted as
   described in [RFC2119].

   The data types and terminology used here are specified in the
   architecture document [SSH-ARCH].

   The architecture document also discusses the algorithm naming
   conventions that MUST be used with the SSH protocols.

4.  IANA Considerations

4.1  Message Numbers

   The Message Number is an 8-bit value that describes the payload of
   a packet.

   Protocol packets have message numbers in the range 1 to 255.  These
   numbers have been allocated as follows in [SSH-ARCH]:

   Transport layer protocol:

     1 to 19     Transport layer generic (e.g. disconnect, ignore,
                 debug, etc.)
     20 to 29    Algorithm negotiation
     30 to 49    Key exchange method specific (numbers can be reused for
                 different authentication methods)

   User authentication protocol:

     50 to 59    User authentication generic
     60 to 79    User authentication method specific (numbers can be
                 reused for different authentication methods)

   Connection protocol:

     80 to 89    Connection protocol generic
     90 to 127   Channel related messages

   Reserved for client protocols:

     128 to 191  Reserved

   Local extensions:

     192 to 255  Local extensions

   Requests for assignments of new message numbers must be accompanied
   by an RFC which describes the new packet type.  If the RFC is not on
   the standards-track (i.e. it is an informational or experimental
   RFC), it must be explicitly reviewed and approved by the IESG before
   the RFC is published and the message number is assigned.

   Message ID                          Value   Reference
   ----------                          -----   ---------
   SSH_MSG_DISCONNECT                    1     [SSH-TRANS]
   SSH_MSG_IGNORE                        2     [SSH-TRANS]
   SSH_MSG_UNIMPLEMENTED                 3     [SSH-TRANS]
   SSH_MSG_DEBUG                         4     [SSH-TRANS]
   SSH_MSG_SERVICE_REQUEST               5     [SSH-TRANS]
   SSH_MSG_SERVICE_ACCEPT                6     [SSH-TRANS]
   SSH_MSG_KEXINIT                      20     [SSH-TRANS]
   SSH_MSG_NEWKEYS                      21     [SSH-TRANS]
   SSH_MSG_KEXDH_INIT                   30     [SSH-TRANS]
   SSH_MSG_KEXDH_REPLY                  31     [SSH-TRANS]
   SSH_MSG_USERAUTH_REQUEST             50     [SSH-USERAUTH]
   SSH_MSG_USERAUTH_FAILURE             51     [SSH-USERAUTH]
   SSH_MSG_USERAUTH_SUCCESS             52     [SSH-USERAUTH]
   SSH_MSG_USERAUTH_BANNER              53     [SSH-USERAUTH]
   SSH_MSG_USERAUTH_PK_OK               60     [SSH-USERAUTH]
   SSH_MSG_GLOBAL_REQUEST               80     [SSH-CONNECT]
   SSH_MSG_REQUEST_SUCCESS              81     [SSH-CONNECT]
   SSH_MSG_REQUEST_FAILURE              82     [SSH-CONNECT]
   SSH_MSG_CHANNEL_OPEN                 90     [SSH-CONNECT]
   SSH_MSG_CHANNEL_OPEN_CONFIRMATION    91     [SSH-CONNECT]
   SSH_MSG_CHANNEL_OPEN_FAILURE         92     [SSH-CONNECT]
   SSH_MSG_CHANNEL_WINDOW_ADJUST        93     [SSH-CONNECT]
   SSH_MSG_CHANNEL_DATA                 94     [SSH-CONNECT]
   SSH_MSG_CHANNEL_EXTENDED_DATA        95     [SSH-CONNECT]
   SSH_MSG_CHANNEL_EOF                  96     [SSH-CONNECT]
   SSH_MSG_CHANNEL_CLOSE                97     [SSH-CONNECT]
   SSH_MSG_CHANNEL_REQUEST              98     [SSH-CONNECT]
   SSH_MSG_CHANNEL_SUCCESS              99     [SSH-CONNECT]
   SSH_MSG_CHANNEL_FAILURE             100     [SSH-CONNECT]

4.1.1  Disconnect Codes

   The Disconnect code is an 8-bit value that describes the disconnect
   reason.  Requests for assignments of new disconnect codes must be
   accompanied by an RFC which describes the new disconnect reason code.

   Disconnect code                                 Value   Reference
   ---------------                                 -----   ---------
   SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT        1     [SSH-TRANS]
   SSH_DISCONNECT_PROTOCOL_ERROR                     2     [SSH-TRANS]
   SSH_DISCONNECT_KEY_EXCHANGE_FAILED                3     [SSH-TRANS]
   SSH_DISCONNECT_RESERVED                           4     [SSH-TRANS]
   SSH_DISCONNECT_MAC_ERROR                          5     [SSH-TRANS]
   SSH_DISCONNECT_COMPRESSION_ERROR                  6     [SSH-TRANS]
   SSH_DISCONNECT_SERVICE_NOT_AVAILABLE              7     [SSH-TRANS]
   SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED     8     [SSH-TRANS]
   SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE            9     [SSH-TRANS]
   SSH_DISCONNECT_CONNECTION_LOST                   10     [SSH-TRANS]
   SSH_DISCONNECT_BY_APPLICATION                    11     [SSH-TRANS]
   SSH_DISCONNECT_TOO_MANY_CONNECTIONS              12     [SSH-TRANS]
   SSH_DISCONNECT_AUTH_CANCELLED_BY_USER            13     [SSH-TRANS]
   SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE    14     [SSH-TRANS]
   SSH_DISCONNECT_ILLEGAL_USER_NAME                 15     [SSH-TRANS]

4.2  Service Names

   The Service Name is used to describe a protocol layer.  These names
   MUST be printable US-ASCII strings, and MUST NOT contain the
   characters at-sign ('@'), comma (','), or whitespace or control
   characters (ASCII codes 32 or less).  Names are case-sensitive, and
   MUST NOT be longer than 64 characters.

   Requests for assignments of new service names must be accompanied by
   an RFC which describes the interpretation for the service name.  If
   the RFC is not on the standards-track (i.e. it is an informational
   or experimental RFC), it must be explicitly reviewed and approved by
   the IESG before the RFC is published and the service name is
   assigned.

   Service name      Reference
   ------------      ---------
   ssh-userauth      [SSH-USERAUTH]
   ssh-connection    [SSH-CONNECT]

4.2.1  Authentication Method Names

   The Authentication Method Name is used to describe an authentication
   method for the "ssh-userauth" service [SSH-USERAUTH].  These names
   MUST be printable US-ASCII strings, and MUST NOT contain the
   characters at-sign ('@'), comma (','), or whitespace or control
   characters (ASCII codes 32 or less).  Names are case-sensitive, and
   MUST NOT be longer than 64 characters.

   Requests for assignments of new authentication method names must be
   accompanied by an RFC which describes the interpretation for the
   authentication method.

   Method name   Reference
   -----------   ---------
   publickey     [SSH-USERAUTH, Section 4]
   password      [SSH-USERAUTH, Section 5]
   hostbased     [SSH-USERAUTH, Section 6]
   none          [SSH-USERAUTH, Section 2.3]

4.2.2  Connection Protocol Assigned Names

   The following request and type names MUST be printable US-ASCII
   strings, and MUST NOT contain the characters at-sign ('@'), comma
   (','), or whitespace or control characters (ASCII codes 32 or less).
   Names are case-sensitive, and MUST NOT be longer than 64 characters.

   Requests for assignments of new assigned names must be accompanied by
   an RFC which describes the interpretation for the type or request.
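   The following Python module is an added example and is not part of
   the draft or of any SSH implementation.  It turns the Section 4.1
   message-number allocation and the naming rules stated in Sections 4.2
   through 4.2.2 (the same rules recur for key-exchange and algorithm
   names later in this document) into checks an implementer or registry
   reviewer can run: classify an incoming message number by its range
   and registered ID, and list every rule a candidate name violates.
   All function and constant names are the example's own.

```python
"""Section 4.1 message-number ranges and Sections 4.2-4.4 naming rules of
draft-ietf-secsh-assignednumbers-06 as checkable code (added example)."""

# Inclusive message-number ranges allocated in [SSH-ARCH] (Section 4.1).
MESSAGE_RANGES = (
    (1, 19, "transport layer generic"),
    (20, 29, "algorithm negotiation"),
    (30, 49, "key exchange method specific"),
    (50, 59, "user authentication generic"),
    (60, 79, "user authentication method specific"),
    (80, 89, "connection protocol generic"),
    (90, 127, "channel related"),
    (128, 191, "reserved for client protocols"),
    (192, 255, "local extensions"),
)

# Registered message IDs copied from the Section 4.1 table.
REGISTERED_MESSAGES = {
    1: "SSH_MSG_DISCONNECT", 2: "SSH_MSG_IGNORE", 3: "SSH_MSG_UNIMPLEMENTED",
    4: "SSH_MSG_DEBUG", 5: "SSH_MSG_SERVICE_REQUEST", 6: "SSH_MSG_SERVICE_ACCEPT",
    20: "SSH_MSG_KEXINIT", 21: "SSH_MSG_NEWKEYS",
    30: "SSH_MSG_KEXDH_INIT", 31: "SSH_MSG_KEXDH_REPLY",
    50: "SSH_MSG_USERAUTH_REQUEST", 51: "SSH_MSG_USERAUTH_FAILURE",
    52: "SSH_MSG_USERAUTH_SUCCESS", 53: "SSH_MSG_USERAUTH_BANNER",
    60: "SSH_MSG_USERAUTH_PK_OK",
    80: "SSH_MSG_GLOBAL_REQUEST", 81: "SSH_MSG_REQUEST_SUCCESS",
    82: "SSH_MSG_REQUEST_FAILURE",
    90: "SSH_MSG_CHANNEL_OPEN", 91: "SSH_MSG_CHANNEL_OPEN_CONFIRMATION",
    92: "SSH_MSG_CHANNEL_OPEN_FAILURE", 93: "SSH_MSG_CHANNEL_WINDOW_ADJUST",
    94: "SSH_MSG_CHANNEL_DATA", 95: "SSH_MSG_CHANNEL_EXTENDED_DATA",
    96: "SSH_MSG_CHANNEL_EOF", 97: "SSH_MSG_CHANNEL_CLOSE",
    98: "SSH_MSG_CHANNEL_REQUEST", 99: "SSH_MSG_CHANNEL_SUCCESS",
    100: "SSH_MSG_CHANNEL_FAILURE",
}

NAME_MAX_LEN = 64  # Sections 4.2-4.4: names MUST NOT exceed 64 characters.


def classify_message_number(value):
    """Return (range description, registered ID or None) for an 8-bit value."""
    if not 0 <= value <= 255:
        raise ValueError("message number must be an 8-bit value")
    for low, high, description in MESSAGE_RANGES:
        if low <= value <= high:
            return description, REGISTERED_MESSAGES.get(value)
    # Protocol packets use 1 to 255, so only 0 reaches this point.
    return "not a protocol message number", None


def name_violations(name):
    """List every naming-rule violation for a candidate IANA-assigned name.

    Rules: printable US-ASCII only; no at-sign or comma; no whitespace or
    control characters (codes 32 or less); at most 64 characters.
    Names are case-sensitive, so nothing is case-folded here."""
    problems = []
    if len(name) > NAME_MAX_LEN:
        problems.append("longer than %d characters" % NAME_MAX_LEN)
    for ch in name:
        code = ord(ch)
        if code <= 32:
            problems.append("whitespace or control character U+%04X" % code)
        elif code > 126:  # DEL and anything beyond US-ASCII are not printable
            problems.append("non-printable or non-ASCII character U+%04X" % code)
        elif ch in "@,":
            problems.append("forbidden character %r" % ch)
    return problems


def is_valid_name(name):
    """True when the name satisfies every rule checked by name_violations()."""
    return not name_violations(name)
```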
4.2.2.1  Connection Protocol Channel Types

   Channel type      Reference
   ------------      ---------
   session           [SSH-CONNECT, Section 4.1]
   x11               [SSH-CONNECT, Section 4.3.2]
   forwarded-tcpip   [SSH-CONNECT, Section 5.2]
   direct-tcpip      [SSH-CONNECT, Section 5.2]

4.2.2.2  Connection Protocol Global Request Names

   Request type           Reference
   ------------           ---------
   tcpip-forward          [SSH-CONNECT, Section 5.1]
   cancel-tcpip-forward   [SSH-CONNECT, Section 5.1]

4.2.2.3  Connection Protocol Channel Request Names

   Request type    Reference
   ------------    ---------
   pty-req         [SSH-CONNECT, Section 4.2]
   x11-req         [SSH-CONNECT, Section 4.3.1]
   env             [SSH-CONNECT, Section 4.4]
   shell           [SSH-CONNECT, Section 4.5]
   exec            [SSH-CONNECT, Section 4.5]
   subsystem       [SSH-CONNECT, Section 4.5]
   window-change   [SSH-CONNECT, Section 4.7]
   xon-xoff        [SSH-CONNECT, Section 4.8]
   signal          [SSH-CONNECT, Section 4.9]
   exit-status     [SSH-CONNECT, Section 4.10]
   exit-signal     [SSH-CONNECT, Section 4.10]

4.3  Key Exchange Method Names

   The Key Exchange Method Name describes a key-exchange method for the
   protocol [SSH-TRANS].  The names MUST be printable US-ASCII strings,
   and MUST NOT contain the characters at-sign ('@'), comma (','), or
   whitespace or control characters (ASCII codes 32 or less).  Names are
   case-sensitive, and MUST NOT be longer than 64 characters.

   Requests for assignment of new key-exchange method names must be
   accompanied by a reference to a standards-track or Informational RFC
   which describes this method.

   Method name                  Reference
   -----------                  ---------
   diffie-hellman-group1-sha1   [SSH-TRANS, Section 4.5]

4.4  Assigned Algorithm Names

   The following identifiers (names) MUST be printable US-ASCII strings,
   and MUST NOT contain the characters at-sign ('@'), comma (','), or
   whitespace or control characters (ASCII codes 32 or less).
   Names are case-sensitive, and MUST NOT be longer than 64 characters.

   Requests for assignment of new algorithm names must be accompanied by
   a reference to a standards-track or Informational RFC or a reference
   to published cryptographic literature which describes the algorithm.

4.4.1  Encryption Algorithm Names

   Cipher name      Reference
   -----------      ---------
   3des-cbc         [SSH-TRANS, Section 4.3]
   blowfish-cbc     [SSH-TRANS, Section 4.3]
   twofish256-cbc   [SSH-TRANS, Section 4.3]
   twofish-cbc      [SSH-TRANS, Section 4.3]
   twofish192-cbc   [SSH-TRANS, Section 4.3]
   twofish128-cbc   [SSH-TRANS, Section 4.3]
   aes256-cbc       [SSH-TRANS, Section 4.3]
   aes192-cbc       [SSH-TRANS, Section 4.3]
   aes128-cbc       [SSH-TRANS, Section 4.3]
   serpent256-cbc   [SSH-TRANS, Section 4.3]
   serpent192-cbc   [SSH-TRANS, Section 4.3]
   serpent128-cbc   [SSH-TRANS, Section 4.3]
   arcfour          [SSH-TRANS, Section 4.3]
   idea-cbc         [SSH-TRANS, Section 4.3]
   cast128-cbc      [SSH-TRANS, Section 4.3]
   none             [SSH-TRANS, Section 4.3]
   des-cbc          [FIPS-46-3]  HISTORIC; See page 4 of [FIPS-46-3]

4.4.2  MAC Algorithm Names

   MAC name       Reference
   --------       ---------
   hmac-sha1      [SSH-TRANS, Section 4.4]
   hmac-sha1-96   [SSH-TRANS, Section 4.4]
   hmac-md5       [SSH-TRANS, Section 4.4]
   hmac-md5-96    [SSH-TRANS, Section 4.4]
   none           [SSH-TRANS, Section 4.4]

4.4.3  Public Key Algorithm Names

   Algorithm name    Reference
   --------------    ---------
   ssh-dss           [SSH-TRANS, Section 4.6]
   ssh-rsa           [SSH-TRANS, Section 4.6]
   x509v3-sign-rsa   [SSH-TRANS, Section 4.6]
   x509v3-sign-dss   [SSH-TRANS, Section 4.6]
   spki-sign-rsa     [SSH-TRANS, Section 4.6]
   spki-sign-dss     [SSH-TRANS, Section 4.6]
   pgp-sign-rsa      [SSH-TRANS, Section 4.6]
   pgp-sign-dss      [SSH-TRANS, Section 4.6]

4.4.4  Compression Algorithm Names

   Algorithm name   Reference
   --------------   ---------
   none             [SSH-TRANS, Section 4.2]
   zlib             [SSH-TRANS, Section 4.2]

5.  Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementers or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF has been notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document.  For more information consult the online list of claimed
   rights.

6.  References

6.1  Normative References

   [SSH-ARCH]      Ylonen, T. and C. Lonvick, "SSH Protocol Architecture",
                   I-D draft-ietf-architecture-16.txt, May 2004.

   [SSH-TRANS]     Ylonen, T. and C. Lonvick, "SSH Transport Layer
                   Protocol", I-D draft-ietf-transport-18.txt, May 2004.

   [SSH-USERAUTH]  Ylonen, T. and C. Lonvick, "SSH Authentication
                   Protocol", I-D draft-ietf-userauth-21.txt, May 2004.

   [SSH-CONNECT]   Ylonen, T. and C. Lonvick, "SSH Connection Protocol",
                   I-D draft-ietf-connect-19.txt, May 2004.

   [RFC2119]       Bradner, S., "Key words for use in RFCs to Indicate
                   Requirement Levels", BCP 14, RFC 2119, March 1997.

6.2  Informative References

   [FIPS-46-3]     U.S. Dept. of Commerce, "FIPS PUB 46-3, Data
                   Encryption Standard (DES)", October 1999.
Authors' Addresses

   Sami Lehtinen
   SSH Communications Security Corp
   Fredrikinkatu 42
   HELSINKI FIN-00100
   Finland

   EMail: sjl@ssh.com

   Chris Lonvick (editor)
   Cisco Systems, Inc.
   12515 Research Blvd.
   Austin 78759
   USA

   EMail: clonvick@cisco.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

   The IETF has been notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document.  For more information consult the online list of claimed
   rights.

Full Copyright Statement

   Copyright (C) The Internet Society (2004).  All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.