Internet Engineering Task Force                            L. Velvindron
Internet-Draft                                                 J. Daniel
Updates: 4253 (if approved)                                cyberstorm.mu
Intended status: Standards Track                        October 27, 2019
Expires: April 29, 2020


      XMSS public key algorithms for the Secure Shell (SSH) protocol
                      draft-mu-curdle-ssh-xmss-00

Abstract

   This document describes the use of XMSS (eXtended Merkle Signature
   Scheme), a hash-based signature scheme that is resistant to attacks
   by quantum computers, as a digital signature algorithm in the Secure
   Shell (SSH) protocol.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 29, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   Secure Shell (SSH) [RFC4251] is a secure remote-login protocol.  It
   provides for an extensible variety of public key algorithms for
   identifying servers and users to one another.  XMSS [RFC8391] is a
   stateful hash-based digital signature scheme.  OpenSSH 7.7
   [OpenSSH-7.7] introduced support for using XMSS for server and user
   authentication and was then followed by other SSH implementations.

   This document describes the method implemented by OpenSSH and others,
   and formalizes its use of the name "ssh-xmss".

   [TO BE REMOVED: Please send comments on this draft to
   curdle@ietf.org.]

2.  Conventions Used in This Document

   The descriptions of key and signature formats use the notation
   introduced in [RFC4251], Section 3, and the string data type from
   [RFC4251], Section 5.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119]
   [RFC8174] when, and only when, they appear in all capitals, as shown
   here.

3.  Public Key Algorithm

   This document describes a public key algorithm for use with SSH in
   accordance with [RFC4253], Section 6.6.  The name of the algorithm is
   "ssh-xmss".  This algorithm only supports signing and not encryption.

   Standard implementations of SSH SHOULD implement this signature
   algorithm.

4.  Public Key Format

   The "ssh-xmss" key format has the following encoding:

      string    "ssh-xmss"
      string    key

   Here 'key' is the XMSS public key as encoded in [RFC8391],
   Section 4.1.7: the 4-octet algorithm OID that names the parameter
   set, followed by the n-octet root node of the XMSS tree and the
   n-octet public SEED, 4 + 2n octets in total.  For the parameter sets
   of [RFC8391], Section 5 with n = 32 (for example XMSS-SHA2_10_256)
   the key is therefore 68 octets long.  Because the OID is part of the
   key, the parameter set is carried in the key blob itself.

5.  Signature Algorithm

   Signatures are generated according to the procedure in [RFC8391],
   Section 4.1.9.

6.  Signature Format

   The "ssh-xmss" signature format has the following encoding:

      string    "ssh-xmss"
      string    signature

   Here 'signature' is the XMSS signature in the format of [RFC8391],
   Section 4.1.8: the 4-octet leaf index idx_sig, the n-octet
   randomness r, the WOTS+ signature sig_ots of len * n octets, and the
   authentication path auth of h * n octets, where n, len and h are
   fixed by the parameter set of the signing key.  For XMSS-SHA2_10_256
   (n = 32, len = 67, h = 10) the signature is 2500 octets long.

7.  Verification Algorithm

   XMSS signatures are verified according to the procedure in [RFC8391],
   Section 4.1.10.

   Before invoking that procedure, an implementation needs to check that
   the OID carried in 'key' names a parameter set it supports and that
   'signature' has exactly the length that parameter set implies (see
   Section 6); in a well-formed signature idx_sig is smaller than 2^h.

8.  SSHFP DNS resource records

   Usage and generation of SSHFP DNS resource records is described in
   [RFC4255].  This section illustrates the generation of SSHFP resource
   records for "ssh-xmss" keys, and Section 9 requests the corresponding
   xmss code point in the "SSHFP RR Types for public key algorithms"
   IANA registry.

   The generation of SSHFP resource records for "ssh-xmss" keys is
   described as follows.

   The encoding of XMSS public keys is described in [RFC8391],
   Section 4.1.7.  In brief, an XMSS public key is the concatenation of
   the 4-octet algorithm OID, the n-octet root node of the XMSS tree
   and the n-octet public SEED; for the parameter sets with n = 32 this
   is a 68-octet value.  The fingerprint is computed over the public key
   blob of Section 4, as specified in [RFC4255].

   The SSHFP Resource Record for an xmss public key with SHA-256
   fingerprint would for example be:

      example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
                                    34d90ed316d2b818ca9580ea384d924
                                    01 )

   The 2 here indicates SHA-256 [RFC6594].

9.  IANA Considerations

   This document augments the Public Key Algorithm Names in [RFC4250],
   Section 4.6.2.

   IANA is requested to add to the Public Key Algorithm Names registry
   [IANA-PKA] the following entry:

      Public Key Algorithm Name    Reference
      -------------------------    ----------
      ssh-xmss                     This Draft

   IANA is requested to add the following entry to the "SSHFP RR Types
   for public key algorithms" registry [IANA-SSHFP]:

      +--------+-------------+--------------+
      | Value  | Description | Reference    |
      +--------+-------------+--------------+
      | TBD    | xmss        | [this-draft] |
      +--------+-------------+--------------+

   We strongly suggest 5 as the value.

   [TO BE REMOVED: This registration should take place at the following
   location: ]

10.  Security Considerations

   The security considerations in [RFC4251], Section 9 apply to all SSH
   implementations, including those using xmss.

   The security considerations in [RFC8391], Section 8 apply to all uses
   of xmss including those in SSH.  In particular, XMSS is a stateful
   signature scheme: each leaf index of the tree may be used for at most
   one signature, so a signer has to update and persist its private key
   state before it releases each signature, and a private key that is
   copied, restored from a backup or shared between hosts can cause the
   same index to be used twice, which voids the security of the scheme.
   A key pair also yields at most 2^h signatures, after which it is
   exhausted and a new key pair is needed.

11.  Acknowledgements

   The OpenSSH implementation of XMSS in SSH was written by Markus
   Friedl.  We are also grateful to Daniel Migault for their comments.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4250]  Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH)
              Protocol Assigned Numbers", RFC 4250,
              DOI 10.17487/RFC4250, January 2006.

   [RFC4251]  Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
              Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251,
              January 2006.

   [RFC4253]  Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
              Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
              January 2006.

   [RFC4255]  Schlyter, J. and W. Griffin, "Using DNS to Securely
              Publish Secure Shell (SSH) Key Fingerprints", RFC 4255,
              DOI 10.17487/RFC4255, January 2006.

   [RFC6594]  Sury, O., "Use of the SHA-256 Algorithm with RSA, Digital
              Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA)
              in SSHFP Resource Records", RFC 6594,
              DOI 10.17487/RFC6594, April 2012.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8391]  Huelsing, A., Butin, D., Gazdag, S., Rijneveld, J., and A.
              Mohaisen, "XMSS: eXtended Merkle Signature Scheme",
              RFC 8391, DOI 10.17487/RFC8391, May 2018.

12.2.  Informative References

   [IANA-PKA] Internet Assigned Numbers Authority (IANA), "Secure Shell
              (SSH) Protocol Parameters: Public Key Algorithm Names",
              May 2017.

   [IANA-SSHFP]
              Internet Assigned Numbers Authority (IANA), "DNS SSHFP
              Resource Record Parameters: SSHFP RR Types for public key
              algorithms", May 2017.

   [OpenSSH-7.7]
              Friedl, M., Provos, N., de Raadt, T., Steves, K., Miller,
              D., Tucker, D., Rice, T., and B. Lindstrom, "OpenSSH 7.7
              release notes", April 2018.

Authors' Addresses

   Loganaden Velvindron
   cyberstorm.mu
   Avenue De Plevitz
   Roches Brunes
   Mauritius

   Email: logan@cyberstorm.mu


   Jeremie Daniel
   cyberstorm.mu
   25C, Thompson Road
   Vacoas
   Mauritius

   Email: jeremie@cyberstorm.mu
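The following is an added worked example, not code from the draft or from OpenSSH. It encodes and parses the two-string blobs of Sections 4 and 6 in Python, checks that the key and the signature have exactly the lengths implied by the RFC 8391 parameter set named by the key's OID (rejecting trailing bytes, an unknown OID or an idx_sig outside the tree), and builds the SSHFP RDATA of Section 8 as a SHA-256 fingerprint over the public key blob. The parameter table (the SHA2 sets of RFC 8391, Section 5), the helper names and the sample byte patterns are this example's own; the sample key and signature are constructed byte patterns in the right layout, not a real XMSS key pair.

```python
import hashlib
import math
import struct

ALG_NAME = b"ssh-xmss"

# XMSS parameter sets, RFC 8391 Section 5 (SHA2 sets; SHAKE sets are analogous):
# OID -> (name, n, w, h)
XMSS_PARAMS = {
    0x00000001: ("XMSS-SHA2_10_256", 32, 16, 10),
    0x00000002: ("XMSS-SHA2_16_256", 32, 16, 16),
    0x00000003: ("XMSS-SHA2_20_256", 32, 16, 20),
    0x00000004: ("XMSS-SHA2_10_512", 64, 16, 10),
    0x00000005: ("XMSS-SHA2_16_512", 64, 16, 16),
    0x00000006: ("XMSS-SHA2_20_512", 64, 16, 20),
}

def wots_len(n, w):
    """WOTS+ chain count len = len_1 + len_2 (RFC 8391, Section 3.1.1)."""
    len1 = math.ceil(8 * n / math.log2(w))
    len2 = math.floor(math.log2(len1 * (w - 1)) / math.log2(w)) + 1
    return len1 + len2

def public_key_len(n):
    """OID || root || SEED (RFC 8391, Section 4.1.7)."""
    return 4 + 2 * n

def signature_len(n, w, h):
    """idx_sig || r || sig_ots || auth (RFC 8391, Section 4.1.8)."""
    return 4 + n + (wots_len(n, w) + h) * n

def ssh_string(data):
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_ssh_string(buf, off):
    """Parse one RFC 4251 string at 'off'; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + length > len(buf):
        raise ValueError("string runs past end of buffer")
    return buf[off:off + length], off + length

def encode_blob(payload):
    """Key and signature blobs share one shape: string "ssh-xmss", string payload."""
    return ssh_string(ALG_NAME) + ssh_string(payload)

def decode_blob(blob):
    """Inverse of encode_blob; rejects a wrong algorithm name or trailing bytes."""
    name, off = read_ssh_string(blob, 0)
    if name != ALG_NAME:
        raise ValueError("not an ssh-xmss blob")
    payload, off = read_ssh_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after payload")
    return payload

def decode_public_key(blob):
    """Return (params, pk) for a well-formed key blob whose OID is supported."""
    pk = decode_blob(blob)
    if len(pk) < 4:
        raise ValueError("key too short to carry an OID")
    (oid,) = struct.unpack(">I", pk[:4])
    params = XMSS_PARAMS.get(oid)
    if params is None:
        raise ValueError("unsupported XMSS parameter set OID %#010x" % oid)
    if len(pk) != public_key_len(params[1]):
        raise ValueError("public key length does not match parameter set")
    return params, pk

def decode_signature(blob, params):
    """Split a signature blob into (idx_sig, r, sig_ots, auth) for the key's parameter set."""
    sig = decode_blob(blob)
    _, n, w, h = params
    if len(sig) != signature_len(n, w, h):
        raise ValueError("signature length does not match parameter set")
    (idx_sig,) = struct.unpack(">I", sig[:4])
    if idx_sig >= 1 << h:  # the leaf index must lie inside the tree
        raise ValueError("idx_sig out of range for tree height %d" % h)
    ots_end = 4 + n + wots_len(n, w) * n
    return idx_sig, sig[4:4 + n], sig[4 + n:ots_end], sig[ots_end:]

def sshfp_rdata(blob, algorithm_number):
    """SSHFP presentation RDATA: SHA-256 (fingerprint type 2, RFC 6594) over
    the public key blob (RFC 4255).  Refuses to fingerprint a malformed key."""
    decode_public_key(blob)
    return "%d 2 %s" % (algorithm_number, hashlib.sha256(blob).hexdigest())

# Constructed samples in XMSS-SHA2_10_256 layout (not a real key pair), idx_sig = 7.
SAMPLE_PK = struct.pack(">I", 1) + bytes([0xAA]) * 32 + bytes([0xBB]) * 32
SAMPLE_SIG = (struct.pack(">I", 7) + bytes([0x11]) * 32
              + bytes([0x22]) * (67 * 32) + bytes([0x33]) * (10 * 32))

if __name__ == "__main__":
    params, pk = decode_public_key(encode_blob(SAMPLE_PK))
    idx = decode_signature(encode_blob(SAMPLE_SIG), params)[0]
    print(params[0], len(pk), "octet key, signature index", idx)
    # 5 is the SSHFP algorithm value the draft suggests, not an IANA assignment.
    print("example.com. IN SSHFP", sshfp_rdata(encode_blob(SAMPLE_PK), 5))
```

The length checks run before any XMSS computation, so a peer cannot make the verifier walk a WOTS+ chain or an authentication path that is not really there; the OID table is the single place that ties a key to its n, w and h.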
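As an added example for the state caveat in Section 10 (not draft or OpenSSH code), the following Python models the two checks a deployment needs around a stateful XMSS key: the signer persists the next leaf index to disk before it uses it, and a verifier or auditor records the idx_sig (the first four octets of every XMSS signature per RFC 8391, Section 4.1.8) of each signature it sees and flags a repeat. XMSS signing itself is out of scope here; the class and function names, the JSON state file, the 32-octet stand-in signature and the backup-and-restore scenario are this example's own assumptions.

```python
import json
import os
import struct
import tempfile

class XmssIndexReservation:
    """Persist the next unused leaf index of an XMSS key of height h and hand
    out each index at most once.  The new state is written to disk *before*
    the index is returned, so a crash can only waste a leaf, never reuse one."""

    def __init__(self, path, h):
        self.path = path
        self.max_index = (1 << h) - 1
        if not os.path.exists(path):
            self._write({"next": 0})

    def _read(self):
        with open(self.path) as f:
            return json.load(f)

    def _write(self, state):
        # Temp file + fsync + rename: the state file is never half-written.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def remaining(self):
        return self.max_index + 1 - self._read()["next"]

    def reserve(self):
        """Return the next index to sign with, or raise once the key is used up."""
        state = self._read()
        idx = state["next"]
        if idx > self.max_index:
            raise RuntimeError("XMSS key exhausted: all 2^h one-time keys used")
        state["next"] = idx + 1
        self._write(state)
        return idx

class IdxSigMonitor:
    """Verifier/auditor side: a repeated idx_sig under one key means the
    signer's state was cloned or rolled back."""

    def __init__(self):
        self.seen = {}

    def observe(self, key_id, xmss_sig):
        """Return (idx_sig, reused) for one observed XMSS signature."""
        (idx,) = struct.unpack(">I", xmss_sig[:4])
        used = self.seen.setdefault(key_id, set())
        reused = idx in used
        used.add(idx)
        return idx, reused

def fake_signature(idx):
    """Constructed stand-in: only the idx_sig prefix matters to the monitor."""
    return struct.pack(">I", idx) + b"\x00" * 28

def restore_from_backup_scenario(workdir, h=4):
    """Sign, back up the state file, sign again, restore the backup, sign again.
    Returns the (idx_sig, reused) pairs the monitor saw; the last one is the
    double use that the restore caused."""
    path = os.path.join(workdir, "xmss.state")
    signer = XmssIndexReservation(path, h)
    monitor = IdxSigMonitor()
    log = [monitor.observe("host-key-1", fake_signature(signer.reserve()))]
    with open(path, "rb") as f:
        backup = f.read()                    # operator takes a backup here
    log.append(monitor.observe("host-key-1", fake_signature(signer.reserve())))
    with open(path, "wb") as f:
        f.write(backup)                      # ... and later restores it
    log.append(monitor.observe("host-key-1", fake_signature(signer.reserve())))
    return log

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for idx, reused in restore_from_backup_scenario(d):
            print("idx_sig", idx, "REUSED" if reused else "ok")
```

Reserving before signing is the rule that matters: a signer that writes the new index only after emitting the signature can crash in between and sign with the same leaf again on restart. The monitor cannot prevent that, but it is the cheapest way to notice after the fact that a host key was cloned.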