QUIC-based UDP Transport for Secure Shell (SSH)
draft-bider-ssh-quic-07

Document Type Active Internet-Draft (individual)
Last updated 2020-08-05
Stream (None)
Intended RFC status (None)
Formats plain text html xml pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                                 d. bider
Internet-Draft                                           Bitvise Limited
Intended status: Informational                             5 August 2020
Expires: 6 February 2021

            QUIC-based UDP Transport for Secure Shell (SSH)
                        draft-bider-ssh-quic-07

Abstract

   The Secure Shell protocol (SSH) [RFC4251] is widely used for purposes
   including secure remote administration, file transfer using SFTP and
   SCP, and encrypted tunneling of TCP connections.  Because it is based
   on TCP, SSH suffers similar problems as motivate the HTTP protocol to
   transition to UDP-based QUIC [QUIC].  These include: unauthenticated
   network intermediaries can trivially disconnect SSH sessions; SSH
   connections are lost when mobile clients change IP addresses;
   performance limitations in OS-based TCP stacks; many round-trips to
   establish a connection; duplicate flow control on the level of the
   connection as well as channels.  This memo specifies SSH key exchange
   over UDP and leverages QUIC to provide a UDP-based transport.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 6 February 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.

bider                    Expires 6 February 2021                [Page 1]
Internet-Draft                  SSH/QUIC                     August 2020

   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Requirements Terminology  . . . . . . . . . . . . . . . .   3
   2.  SSH/QUIC key exchange . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Distinguishing SSH key exchange from QUIC datagrams . . .   3
     2.2.  Wire Encoding . . . . . . . . . . . . . . . . . . . . . .   4
     2.3.  Obfuscated Envelope . . . . . . . . . . . . . . . . . . .   4
       2.3.1.  Obfuscation Keyword . . . . . . . . . . . . . . . . .   5
     2.4.  Packet Size Limits  . . . . . . . . . . . . . . . . . . .   6
     2.5.  Required QUIC Versions and TLS Cipher Suites  . . . . . .   6
     2.6.  Random Elements . . . . . . . . . . . . . . . . . . . . .   6
     2.7.  Errors in Key Exchange  . . . . . . . . . . . . . . . . .   8
       2.7.1.  "disc-reason" Extension Pair  . . . . . . . . . . . .   8
       2.7.2.  "err-desc" Extension Pair . . . . . . . . . . . . . .   8
     2.8.  SSH_QUIC_INIT . . . . . . . . . . . . . . . . . . . . . .   9
       2.8.1.  Extensibility . . . . . . . . . . . . . . . . . . . .  12
     2.9.  SSH_QUIC_REPLY  . . . . . . . . . . . . . . . . . . . . .  14
       2.9.1.  Error Reply . . . . . . . . . . . . . . . . . . . . .  17
       2.9.2.  Extensibility . . . . . . . . . . . . . . . . . . . .  17
     2.10. SSH_QUIC_CANCEL . . . . . . . . . . . . . . . . . . . . .  19
       2.10.1.  Extensibility  . . . . . . . . . . . . . . . . . . .  19
   3.  Key Exchange Methods  . . . . . . . . . . . . . . . . . . . .  20
     3.1.  Required Key Exchange Methods . . . . . . . . . . . . . .  21
     3.2.  Example 1: "curve25519-sha256"  . . . . . . . . . . . . .  22
     3.3.  Example 2: "diffie-hellman-group14-sha256"  . . . . . . .  22
   4.  SSH_MSG_EXT_INFO and the SSH Version String . . . . . . . . .  23
     4.1.  "ssh-version" . . . . . . . . . . . . . . . . . . . . . .  24
     4.2.  "no-flow-control" . . . . . . . . . . . . . . . . . . . .  24
     4.3.  "delay-compression" . . . . . . . . . . . . . . . . . . .  24
   5.  QUIC Session Setup  . . . . . . . . . . . . . . . . . . . . .  25
     5.1.  Shared Secrets  . . . . . . . . . . . . . . . . . . . . .  25
   6.  Adaptation of SSH to QUIC Streams . . . . . . . . . . . . . .  26
     6.1.  SSH/QUIC Packet Format  . . . . . . . . . . . . . . . . .  26
Show full document text