idnits 2.17.1 

draft-miller-secsh-compression-delayed-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 15.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 176.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 153.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 160.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 166.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 23, 2006) is 6362 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 1950

  ** Downref: Normative reference to an Informational RFC: RFC 1951


     Summary: 6 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                          M. Friedl
3	Internet-Draft                                                 D. Miller
4	Expires: May 27, 2007                                            OpenSSH
5	                                                       November 23, 2006

7	          Delayed compression the SSH Transport Layer Protocol
8	             draft-miller-secsh-compression-delayed-00.txt

10	Status of this Memo

12	   By submitting this Internet-Draft, each author represents that any
13	   applicable patent or other IPR claims of which he or she is aware
14	   have been or will be disclosed, and any of which he or she becomes
15	   aware will be disclosed, in accordance with Section 6 of BCP 79.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups.  Note that
19	   other groups may also distribute working documents as Internet-
20	   Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time.  It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at
28	   http://www.ietf.org/ietf/1id-abstracts.txt.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on May 27, 2007.

35	Copyright Notice

37	   Copyright (C) The Internet Society (2006).

39	Abstract

41	   This memo describes a new compression method for the SSH protocol.
42	   This new method uses the same zlib compression algorithm as the
43	   existing method described in the core SSH drafts but delays the start
44	   of compression until after user authentication has completed.  This
45	   eliminates the risk of a bug in compression libraries resulting in a
46	   pre-authentication compromise of an SSH server.

48	Table of Contents

50	   1.  Requirements notation . . . . . . . . . . . . . . . . . . . . . 3
51	   2.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
52	   3.  Delayed Compression . . . . . . . . . . . . . . . . . . . . . . 3
53	   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
54	   5.  Normative References  . . . . . . . . . . . . . . . . . . . . . 4
55	   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 5
56	   Intellectual Property and Copyright Statements  . . . . . . . . . . 6

58	1.  Requirements notation

60	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
61	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
62	   document are to be interpreted as described in [RFC2119].

64	2.  Overview

66	   SSH [RFC4251] is a popular protocol for secure remote login and data
67	   transfer on the Internet.  Included in the protocol is the ability to
68	   compress data between the client and the server, offering throughput
69	   improvements and traffic savings when used on compressible data.

71	   The "zlib" compression in method defined in [RFC4253] for the SSH
72	   protocol uses ZLIB (LZ77) compression (as described in [RFC1950] and
73	   [RFC1951]).  This method activates compression after the completion
74	   of the key exchange algorithm, upon the receipt of the
75	   SSH_MSG_NEWKEYS message.  This step occurs before user authentication
76	   [RFC4252] completes, so a bug in the underlying compression code
77	   could be exposed to unauthenticated users.

79	   This new compression method "zlib@openssh.com" addresses this risk by
80	   delaying the start of compression until the completion of the user
81	   authentication exchange.

83	3.  Delayed Compression

85	   The "zlib@openssh.com" method operates identically to the "zlib"
86	   method described in [RFC4252] except that packet compression does not
87	   start until the server sends a SSH_MSG_USERAUTH_SUCCESS packet,
88	   replacing the "zlib" method's start of compression when the server
89	   sends SSH_MSG_NEWKEYS.

91	   Specifically, this means that a server selecting this method MUST
92	   compress the first packet after SSH_MSG_USERAUTH_SUCCESS and all
93	   subsequent packets.  The client MUST compress all packets it sends
94	   after the time that it receives SSH_MSG_USERAUTH_SUCCESS.

96	   An implementation of this method should be careful to ensure that
97	   compression is enabled by subsequent re-keying exchanges after
98	   authentication.

100	4.  Security Considerations

102	   Delaying compression until after authentication may reveal slightly
103	   more exact information about the length of authentication data.  It
104	   is doubtful that this would assist an attacker; the compressed length
105	   of an authentication secret is of similar interest to an attacker as
106	   its uncompressed length.  Implementations should be taking steps to
107	   obscure the exact length of authentication secrets anyway.

109	   The security considerations in [RFC4251] also apply to this
110	   compression method.

112	5.  Normative References

114	   [RFC1950]  Deutsch, L. and J-L. Gailly, "ZLIB Compressed Data Format
115	              Specification version 3.3", RFC 1950, May 1996.

117	   [RFC1951]  Deutsch, P., "DEFLATE Compressed Data Format Specification
118	              version 1.3", RFC 1951, May 1996.

120	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
121	              Requirement Levels", BCP 14, RFC 2119, March 1997.

123	   [RFC4251]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
124	              Protocol Architecture", RFC 4251, January 2006.

126	   [RFC4252]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
127	              Authentication Protocol", RFC 4252, January 2006.

129	   [RFC4253]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
130	              Transport Layer Protocol", RFC 4253, January 2006.

132	Authors' Addresses

134	   Markus Friedl
135	   OpenSSH

137	   Email: markus@openssh.com

139	   Damien Miller
140	   OpenSSH

142	   Email: djm@openssh.com

144	Intellectual Property Statement

146	   The IETF takes no position regarding the validity or scope of any
147	   Intellectual Property Rights or other rights that might be claimed to
148	   pertain to the implementation or use of the technology described in
149	   this document or the extent to which any license under such rights
150	   might or might not be available; nor does it represent that it has
151	   made any independent effort to identify any such rights.  Information
152	   on the procedures with respect to rights in RFC documents can be
153	   found in BCP 78 and BCP 79.

155	   Copies of IPR disclosures made to the IETF Secretariat and any
156	   assurances of licenses to be made available, or the result of an
157	   attempt made to obtain a general license or permission for the use of
158	   such proprietary rights by implementers or users of this
159	   specification can be obtained from the IETF on-line IPR repository at
160	   http://www.ietf.org/ipr.

162	   The IETF invites any interested party to bring to its attention any
163	   copyrights, patents or patent applications, or other proprietary
164	   rights that may cover technology that may be required to implement
165	   this standard.  Please address the information to the IETF at
166	   ietf-ipr@ietf.org.

168	Disclaimer of Validity

170	   This document and the information contained herein are provided on an
171	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
172	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
173	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
174	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
175	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
176	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

178	Copyright Statement

180	   Copyright (C) The Internet Society (2006).  This document is subject
181	   to the rights, licenses and restrictions contained in BCP 78, and
182	   except as set forth therein, the authors retain all their rights.

184	Acknowledgment

186	   Funding for the RFC Editor function is currently provided by the
187	   Internet Society.