idnits 2.17.1 draft-moonesamy-sshfp-ed25519-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 27, 2014) is 3682 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'TBD' is mentioned on line 89, but not defined == Missing Reference: 'RFCXXXX' is mentioned on line 89, but not defined == Unused Reference: 'RFC6594' is defined on line 109, but no explicit reference was found in the text == Unused Reference: 'FIPS180-4' is defined on line 113, but no explicit reference was found in the text Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT S. Moonesamy 3 Intended Status: Informational 4 Expires: September 28, 2014 March 27, 2014 6 Using ED25519 in SSHFP Resource Records 7 draft-moonesamy-sshfp-ed25519-01 9 Abstract 11 The Ed25519 signature algorithm has been implemented in OpenSSH. 12 This document updates the IANA "SSHFP RR Types for public key 13 algorithms" registry by adding an algorithm number for Ed25519. 15 Status of this Memo 17 This Internet-Draft is submitted to IETF in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as 23 Internet-Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/1id-abstracts.html 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html 36 Copyright and License Notice 38 Copyright (c) 2014 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 1. Introduction 53 The Ed25519 [Ed25519] signature algorithm has been implemented in 54 OpenSSH. RFC 4255 [RFC4255] defines a DNS resource record, "SSHFP", 55 which can be used to publish a fingerprint of the SSH server public 56 key in the DNS. This document updates the IANA "SSHFP RR Types for 57 public key algorithms" registry by adding an algorithm number for 58 Ed25519 [Ed25519]. 60 2.. ED25519 Public Key with SHA-256 Fingerprint 62 The SSHFP Resource Record for the ED25519 public key with SHA-256 63 fingerprint would, for example, be: 65 ssh.example.com IN SSHFP [TBD] 2 ( a87f1b687ac0e57d2a081a2f2826723 66 34d90ed316d2b818ca9580ea384d924 67 01 ) 69 RFC Editor Note: Please replace TBD with the value assigned by IANA. 71 3. Security Considerations 73 The overall security of using SSHFP for SSH host key verification is 74 dependent on the security policies of the SSH host administrator and 75 DNS zone administrator (in transferring the fingerprint), detailed 76 aspects of how verification is done in the SSH implementation, and in 77 the client's diligence in accessing the DNS in a secure manner. 78 Please refer to RFC 4255 [RFC4255] for a discussion of the security 79 considerations. 81 4. IANA Considerations 83 IANA is requested to add the following entry to the "SSHFP RR Types 84 for public key algorithms" registry: 86 +--------+-------------+------------+ 87 | Value | Description | Reference | 88 +--------+-------------+------------+ 89 | [TBD] | ED25519 | [RFCXXXX] | 90 +--------+-------------+------------+ 92 RFC Editor Note: Please replace TBD with the value assigned by IANA 93 and RFCXXXX to refer to this document. 95 5. Acknowledgements 97 Some of the text in this document is from RFC 6594 which was written 98 by Ondrej Sury. The author would like to thank Damien Miller, Yoav 99 Nir and Paul Wouters for their feedback. 101 6. References 103 6.1. Normative References 105 [RFC4255] Schlyter, J. and W. Griffin, "Using DNS to Securely 106 Publish Secure Shell (SSH) Key Fingerprints", RFC 4255, 107 January 2006. 109 [RFC6594] Sury, O., "Use of the SHA-256 Algorithm with RSA, Digital 110 Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) 111 in SSHFP Resource Records", RFC 6594, April 2012. 113 [FIPS180-4] National Institute of Standards and Technology, "Secure 114 Hash Standard (SHS)", FIPS PUB 180-4, March 2012, 115 . 118 6.2. Informative References 120 [Ed25519] 122 Appendix A: Changes 124 [RFC Editor Note: Please remove this appendix] 126 A.1 Changes since version 00 128 o Text about usage policy removed from Section 2 130 o SHA-1 Fingerprint removed 132 Authors' Addresses 134 S. Moonesamy 135 76, Ylang Ylang Avenue 136 Quatres Bornes 137 Mauritius 139 Email: sm+ietf@elandsys.com