idnits 2.17.1 draft-os-ietf-sshfp-ecdsa-sha2-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 139: '...key fingerprints MUST use SHA-256 algo...' RFC 2119 keyword, line 145: '... implementations SHOULD support the SH...' RFC 2119 keyword, line 147: '...t SHA-256 fingerprints MUST prefer the...' RFC 2119 keyword, line 154: '...r the public key SHOULD support SSHFP ...' -- The draft header indicates that this document updates RFC4255, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4255, updated by this document, for RFC5378 checks: 2002-08-13) -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 23, 2011) is 4537 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 6090 -- Possible downref: Non-RFC (?) normative reference: ref. 'SSHFPVALS' Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group O. Sury 3 Internet-Draft CZ.NIC 4 Updates: 4255 (if approved) November 23, 2011 5 Intended status: Standards Track 6 Expires: May 26, 2012 8 Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource 9 Records 10 draft-os-ietf-sshfp-ecdsa-sha2-01 12 Abstract 14 This document defines how to store Secure Shell (SSH) ECDSA public 15 keys and SHA-256 fingerprints in SSHFP Resource Records. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on May 26, 2012. 34 Copyright Notice 36 Copyright (c) 2011 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 This document may contain material from IETF Documents or IETF 50 Contributions published or made publicly available before November 51 10, 2008. The person(s) controlling the copyright in some of this 52 material may not have granted the IETF Trust the right to allow 53 modifications of such material outside the IETF Standards Process. 54 Without obtaining an adequate license from the person(s) controlling 55 the copyright in such materials, this document may not be modified 56 outside the IETF Standards Process, and derivative works of it may 57 not be created outside the IETF Standards Process, except to format 58 it for publication as an RFC or to translate it into languages other 59 than English. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 2. SSHFP Resource Records . . . . . . . . . . . . . . . . . . . . 3 65 2.1. SSHFP Fingerprint Type Specification . . . . . . . . . . . 3 66 2.1.1. SHA-256 SSHFP Fingerprint Type Specification . . . . . 3 67 2.2. SSHFP Algorithm Number Specification . . . . . . . . . . . 3 68 2.2.1. ECDSA SSHFP Algorithm Number Specification . . . . . . 4 69 3. Implementation Considerations . . . . . . . . . . . . . . . . . 4 70 3.1. Support for SHA-256 fingerprints . . . . . . . . . . . . . 4 71 3.2. Support for ECDSA . . . . . . . . . . . . . . . . . . . . . 4 72 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 73 4.1. RSA public key . . . . . . . . . . . . . . . . . . . . . . 5 74 4.1.1. RSA public key with SHA1 fingerprint . . . . . . . . . 5 75 4.1.2. RSA public key with SHA256 fingerprint . . . . . . . . 5 76 4.2. DSA public key . . . . . . . . . . . . . . . . . . . . . . 6 77 4.2.1. DSA public key with SHA1 fingerprint . . . . . . . . . 6 78 4.2.2. DSA public key with SHA256 fingerprint . . . . . . . . 6 79 4.3. ECDSA public key . . . . . . . . . . . . . . . . . . . . . 6 80 4.3.1. ECDSA public key with SHA256 fingerprint . . . . . . . 7 81 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 82 5.1. SSHFP RR Types for public key algorithms . . . . . . . . . 7 83 5.2. SSHFP RR types for fingerprint types . . . . . . . . . . . 7 84 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 85 7. Normative References . . . . . . . . . . . . . . . . . . . . . 8 87 1. Introduction 89 The Domain Name System (DNS) is the global, hierarchical distributed 90 database for Internet Naming. The Secure Shell (SSH) is a protocol 91 for secure remote login and other secure network services over an 92 insecure network. RFC 4253 [RFC4253] defines Public Key Algorithms 93 for the Secure Shell server public keys. 95 The DNS has been extended to store fingerprints in a DNS recource 96 record named SSHFP [RFC4255], which provide out-of-band verification 97 by looking up a fingerprint of the server public key in the DNS 98 [RFC1034], [RFC1035] and using DNSSEC [RFC4033], [RFC4034], [RFC4035] 99 to verify the lookup. 101 RFC 4255 [RFC4255] describes how to store SSH public keys in SSHFP 102 resource records and specifies a list of cryptographic algorithms to 103 use for Algorithm Number and Fingerprint Type. This document 104 extendes the SSHFP Algorithm Number list with the ECDSA algorithm 105 [RFC6090] which has been added to Secure Shell Public Key list in RFC 106 5656 [RFC5656] and the SSHFP Fingerprint Type list with SHA-256 107 algorithm. 109 Familiarity with DNSSEC, SSH Protocol [RFC4251], [RFC4253], 110 [RFC4250], SSHFP [RFC4255], and the SHA-2 [FIPS.180-3.2008] family of 111 algorithms is assumed in this document. 113 This document updates RFC 4255 [RFC4255]. 115 2. SSHFP Resource Records 117 The format of the SSHFP RR can be found in RFC 4255 [RFC4255]. 119 2.1. SSHFP Fingerprint Type Specification 121 The fingerprint type octet describes the message-digest algorithm 122 used to calculate the fingerprint of the public key. 124 2.1.1. SHA-256 SSHFP Fingerprint Type Specification 126 SHA-256 fingerprints of the public keys are stored in SSHFP Resource 127 Record with the fingerprint type 2. 129 2.2. SSHFP Algorithm Number Specification 131 The SSHFP Resource Record algorithm number octet describes the 132 algorithm of the public key. 134 2.2.1. ECDSA SSHFP Algorithm Number Specification 136 ECDSA public keys are stored in SSHFP Resource Records with the 137 algorithm number 3. 139 ECDSA public key fingerprints MUST use SHA-256 algorithm fingerprint. 141 3. Implementation Considerations 143 3.1. Support for SHA-256 fingerprints 145 SSHFP-aware Secure Shell implementations SHOULD support the SHA-256 146 fingerprints for verification of the public key. Secure Shell 147 implementations which support SHA-256 fingerprints MUST prefer the 148 SHA-256 fingerprints if available over SHA-1 to prevent downgrade 149 attacks. 151 3.2. Support for ECDSA 153 SSHFP-aware Secure Shell implementations which also implement ECDSA 154 algorithm for the public key SHOULD support SSHFP fingerprints for 155 ECDSA public keys. 157 4. Examples 158 4.1. RSA public key 160 Given a private key with the following value in OpenSSH format: 162 -----BEGIN RSA PRIVATE KEY----- 163 MIIEpAIBAAKCAQEAwlEeCTocU4p86u0Dt20F1uI5jwgrpRbJ4fGIuzCsKTJ3fevk 164 +7le5xMMvuvhlmLvfCMRSQciIxV1/2ugVw6d/O/MHsx9Q2drTQ/7bv3rnc+hK6Ux 165 WJp1S8hAwEWEs1QTULiCtVA6r7wein3yXMre/BacFtu3rhpKhJGpuxmrqz0QIMF3 166 oQwf4DMEbV1UWftd82FpAJgGPuTgFlZnV7kFZuZI5b3Dc7aNh95t56ibQ+CfS9ZS 167 j7klVasCa+P+oYm1yZEBL1qVL3TgFMN36yqTcGvd9n1xZN5HuK7A40P1vBspXjLS 168 t08fLROM9cLqMF7WHugWvKtywD7P5tkuKVLHMQIDAQABAoIBAQCrZP1HSjhd/5M7 169 bB+RFNrHtPbsEFre3QDpCDCAW+ge1mLLcNyio9jvnL/rTwfFrDJsnknKzj3wECfq 170 STY+U6hKyACVUe1THM9qQ6SVO+ctZUxVwPmLm4HGfDWQ4kCwJIJ8+qJf5wo8o4OU 171 yI6UBmU0mYTILLkRGiOMVycM3xGqkUJHcjj82GLWNKakdp1CuFtmyF0aUnlDp5gm 172 Ub0GgCgBFCO+/Eb7OoqZufhS6bisRyDEozLNO/I0Ih7lZgsaywOsjeXOZ2+zHH98 173 +RVrnZ6PObxPp2WmSA268gW02k2rWRGTg95boSLdxv2C1nBvdqsMXnq8hVcfKigO 174 bYH1uIOBAoGBAOBkncI1ZYOd8mye4a+hgzBgxdzrEl3QCAm3qSw5Gsz6FwTAZAit 175 u4lRSXb0birYKfJjcZ7Og/07r0KCMuCku/CTpbZP0gCSyd7SaeovFs1y9tUuY8r+ 176 iT+FxFeOQ9PcYcOccivzkLwINOrG/Glm8UWUngCRDgo/CSOSTf06juY5AoGBAN2v 177 /DQeQl/uATmIyfOGsZA4IdmAfhY8P60GVdk8zFZyDW5qmJklDA75ObepUtDnAcDd 178 NzkNyKZBIX6aFoMkXAzwMCxk6KU3gkbciuCydCXf323fKCS7SHIk+btGa+eRhUcO 179 HzPlzUqxrqg7ouQ1n2/zLbiN10zwWCPYzTGAwai5AoGBAJ9b9YnqQAjkEDnB8Ee5 180 7aBa6cpGC8oiJsM38uYcPANcjSJru99J+si/uOvJFcBJuiiRJS0CP0yFqacTLizJ 181 8UseoG5Ea8DKfqFHT77n6ErKHbAyfN66PCCn0FPaDiOU/L1eCttZ4+0V6vbdkH8O 182 g8TFkhyW56CxOb1QdyCjCL9JAoGAcexxcBsowwGdkYKRPdu3PkUKaCrXIPgfRPyf 183 e376B2afLmILP5BBTSSYm6ChVYeRaBqGuYQy2/VWkCgBb61svJ1mNDo7MESBZ4cI 184 u4YZmCkfOehXSeEQzs/fonUDGMK4uhYwxMvQnxUGi5/yCtLft3lBwrjprrlIoktU 185 z566ZskCgYBRFqGVaZZQgLeiEjuRtxo0MOmQvN3fwfgd7HbHoNjyalPRCUOurmDk 186 rIpSmbeIABBWveapZwidXNRdbAqV/XZ+tEHeak4peanFGIUV5J4P9kg6eakuwC14 187 wU+VnpDUATpddCID+jf7ory9bCvJ4gvKlyDq5PJyR8uiut+BY0m7Hg== 188 -----END RSA PRIVATE KEY----- 190 4.1.1. RSA public key with SHA1 fingerprint 192 The SSHFP Resource Record for this key would be: 194 server.example.net IN SSHFP 1 1 dd465c09cfa51fb45020cc83316fff21 195 b9ec74ac 197 4.1.2. RSA public key with SHA256 fingerprint 199 The SSHFP Resource Record for this key would be: 201 server.example.net IN SSHFP 1 2 b049f950d1397b8fee6a61e4d14a9acd 202 c4721e084eff5460bbed80cfaa2ce2cb 204 4.2. DSA public key 206 Given a private key with the following value in OpenSSH format: 208 -----BEGIN DSA PRIVATE KEY----- 209 MIIBvAIBAAKBgQD1Ra3NFN+oFmssG3yc43L/Hn9d6gF+BCZfDWusar14dbfmgiRH 210 Uu7KEY7byuCrDYZO/A43bZ34RIchShxzc94uv3P7PZT9FI1e5kQKOpwOwNxrOokB 211 JW+jvRapuolUgum2FopU0gdLWHp3BBCVKGgLmvGEBf7sUcz60Xl8Rqh54wIVAML0 212 z+mWLxUhWYQY47TALVN5RM3jAoGBAIANhW5G23qNPrv6sPJkBThVmaU2qjaO3e46 213 L95mo24eS6hFQ+8k9zEtRkhoY4L74brP3oTE6s2G403NLM1DPSZ8E+8ateT9mWAy 214 vfCFca8N9YzLbFFBJgageA1I07q7XGlpifSzWj9f5OGzKNP4aLZznDlZyD7EywRV 215 lb3TUcVAAoGAOZcDcK01NTM1qIIYbBqCffrwjQ+9PmsuSKI6nUzfS4NysXHkdbW5 216 u5VxeXLcwWj5PGbRfoS2P3vwYAmakqgq502wigam18u9nAczUYl+2kOeOiIRrtSm 217 LfpV7thLOAb8k1ESjIlkbn35jKmTcoMFRXbFmkKRTK8OEnWQ8AVg6w8CFQCS/nI5 218 MhAE/LKS/rJ5fSZ/j+/dNw== 219 -----END DSA PRIVATE KEY----- 221 4.2.1. DSA public key with SHA1 fingerprint 223 The SSHFP Resource Record for this key would be: 225 server.example.net IN SSHFP 2 1 3b6ba6110f5ffcd29469fc1ec2ee25d6 226 1718badd 228 4.2.2. DSA public key with SHA256 fingerprint 230 The SSHFP Resource Record for this key would be: 232 server.example.net IN SSHFP 2 2 f9b8a6a460639306f1b38910456a6ae1 233 018a253c47ecec12db77d7a0878b4d83 235 4.3. ECDSA public key 237 Given a private key with the following value in OpenSSH format: 239 -----BEGIN EC PRIVATE KEY----- 240 MHcCAQEEINFBNyh3bKEQ4CQ7MfNgbEGINuRHjaIBrZkiWbaGPCZZoAoGCCqGSM49 241 AwEHoUQDQgAEAP70I5SJftZiBy8g50jz52N2gUNVRPE2tyiDyxJh1sjN4b5th2yy 242 y9zLL+dF9WFcLlAEKTwhOGqzsPj+UXFfmA== 243 -----END EC PRIVATE KEY----- 245 4.3.1. ECDSA public key with SHA256 fingerprint 247 The SSHFP Resource Record for this key would be: 249 server.example.net IN SSHFP 3 2 821eb6c1c98d9cc827ab7f456304c0f1 250 4785b7008d9e8646a8519de80849afc7 252 5. IANA Considerations 254 This document updates the IANA registry "SSHFP RR Types for public 255 key algorithms" and "SSHFP RR types for fingerprint types" 256 [SSHFPVALS]. 258 5.1. SSHFP RR Types for public key algorithms 260 The following entries are added to the "SSHFP RR Types for public key 261 algorithms" registry: 263 +-------+-------------+------------+ 264 | Value | Description | Reference | 265 +-------+-------------+------------+ 266 | 3 | ECDSA | [This doc] | 267 +-------+-------------+------------+ 269 Table 1 271 5.2. SSHFP RR types for fingerprint types 273 The following entries are added to the "SSHFP RR types for 274 fingerprint types" registry: 276 +-------+-------------+------------+ 277 | Value | Description | Reference | 278 +-------+-------------+------------+ 279 | 2 | SHA-256 | [This doc] | 280 +-------+-------------+------------+ 282 Table 2 284 6. Security Considerations 286 Please see the security considerations in [RFC4255] for SSHFP record 287 and [RFC5656] for ECDSA algorithm. 289 Users of SSHFP are encouraged to deploy SHA-256 as soon as software 290 implementations allow for it. SHA-2 family of algorithms is widely 291 believed to be more resilient to attack than SHA-1, and confidence in 292 SHA-1's strength is being eroded by recently announced attacks. 294 Regardless of whether or not the attacks on SHA-1 will affect SSHFP, 295 it is believed (at the time of this writing) that SHA-256 is the 296 better choice for use in SSHFP records. 298 SHA-256 is considered sufficiently strong for the immediate future, 299 but predictions about future development in cryptography and 300 cryptanalysis are beyond the scope of this document. 302 7. Normative References 304 [FIPS.180-3.2008] 305 National Institute of Standards and Technology, ""Secure 306 Hash Standard"", FIPS PUB 180-3, October 2008, . 310 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 311 STD 13, RFC 1034, November 1987. 313 [RFC1035] Mockapetris, P., "Domain names - implementation and 314 specification", STD 13, RFC 1035, November 1987. 316 [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. 317 Rose, "DNS Security Introduction and Requirements", 318 RFC 4033, March 2005. 320 [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. 321 Rose, "Resource Records for the DNS Security Extensions", 322 RFC 4034, March 2005. 324 [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. 325 Rose, "Protocol Modifications for the DNS Security 326 Extensions", RFC 4035, March 2005. 328 [RFC4250] Lehtinen, S. and C. Lonvick, "The Secure Shell (SSH) 329 Protocol Assigned Numbers", RFC 4250, January 2006. 331 [RFC4251] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) 332 Protocol Architecture", RFC 4251, January 2006. 334 [RFC4253] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) 335 Transport Layer Protocol", RFC 4253, January 2006. 337 [RFC4255] Schlyter, J. and W. Griffin, "Using DNS to Securely 338 Publish Secure Shell (SSH) Key Fingerprints", RFC 4255, 339 January 2006. 341 [RFC5656] Stebila, D. and J. Green, "Elliptic Curve Algorithm 342 Integration in the Secure Shell Transport Layer", 343 RFC 5656, December 2009. 345 [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic 346 Curve Cryptography Algorithms", RFC 6090, February 2011. 348 [SSHFPVALS] 349 IANA, ""DNS SSHFP Resource Records Parameters"", IANA 350 registry available at:, . 353 Author's Address 355 Ondrej Sury 356 CZ.NIC 357 Americka 23 358 120 00 Praha 2 359 CZ 361 Phone: +420 222 745 110 362 Email: ondrej.sury@nic.cz