QUIC-based UDP Transport for Secure Shell (SSH)
draft-bider-ssh-quic-09
|
| Document |
Type |
|
Active Internet-Draft (individual)
|
|
Author |
|
denis bider
|
|
Last updated |
|
2020-12-02
|
|
Stream |
|
(None)
|
|
Intended RFC status |
|
(None)
|
|
Formats |
|
plain text
html
xml
pdf
htmlized (tools)
htmlized
bibtex
|
| Stream |
Stream state |
|
(No stream defined) |
|
Consensus Boilerplate |
|
Unknown
|
|
RFC Editor Note |
|
(None)
|
| IESG |
IESG state |
|
I-D Exists
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
(None)
|
Internet Engineering Task Force d. bider
Internet-Draft Bitvise Limited
Intended status: Informational 2 December 2020
Expires: 5 June 2021
QUIC-based UDP Transport for Secure Shell (SSH)
draft-bider-ssh-quic-09
Abstract
The Secure Shell protocol (SSH) [RFC4251] is widely used for purposes
including secure remote administration, file transfer using SFTP and
SCP, and encrypted tunneling of TCP connections. Because it is based
on TCP, SSH suffers similar problems as motivate the HTTP protocol to
transition to UDP-based QUIC [QUIC]. These include: unauthenticated
network intermediaries can trivially disconnect SSH sessions; SSH
connections are lost when mobile clients change IP addresses;
performance limitations in OS-based TCP stacks; many round-trips to
establish a connection; duplicate flow control on the level of the
connection as well as channels. This memo specifies SSH key exchange
over UDP and leverages QUIC to provide a UDP-based transport.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 5 June 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
bider Expires 5 June 2021 [Page 1]
Internet-Draft SSH/QUIC December 2020
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Terminology . . . . . . . . . . . . . . . . 3
2. SSH/QUIC key exchange . . . . . . . . . . . . . . . . . . . . 3
2.1. Distinguishing SSH key exchange from QUIC datagrams . . . 3
2.2. Wire Encoding . . . . . . . . . . . . . . . . . . . . . . 4
2.3. Obfuscated Envelope . . . . . . . . . . . . . . . . . . . 4
2.3.1. Obfuscation Keyword . . . . . . . . . . . . . . . . . 5
2.4. Packet Size Limits . . . . . . . . . . . . . . . . . . . 6
2.5. Required QUIC Versions and TLS Cipher Suites . . . . . . 6
2.6. Random Elements . . . . . . . . . . . . . . . . . . . . . 6
2.7. Errors in Key Exchange . . . . . . . . . . . . . . . . . 8
2.7.1. "disc-reason" Extension Pair . . . . . . . . . . . . 8
2.7.2. "err-desc" Extension Pair . . . . . . . . . . . . . . 9
2.8. SSH_QUIC_INIT . . . . . . . . . . . . . . . . . . . . . . 9
2.8.1. Extensibility . . . . . . . . . . . . . . . . . . . . 13
2.9. SSH_QUIC_REPLY . . . . . . . . . . . . . . . . . . . . . 14
2.9.1. Error Reply . . . . . . . . . . . . . . . . . . . . . 17
2.9.2. Extensibility . . . . . . . . . . . . . . . . . . . . 17
2.10. SSH_QUIC_CANCEL . . . . . . . . . . . . . . . . . . . . . 19
2.10.1. Extensibility . . . . . . . . . . . . . . . . . . . 19
3. Key Exchange Methods . . . . . . . . . . . . . . . . . . . . 20
3.1. Required Key Exchange Methods . . . . . . . . . . . . . . 21
3.2. Example 1: "curve25519-sha256" . . . . . . . . . . . . . 22
3.3. Example 2: "diffie-hellman-group14-sha256" . . . . . . . 22
4. SSH_MSG_EXT_INFO and the SSH Version String . . . . . . . . . 23
4.1. "ssh-version" . . . . . . . . . . . . . . . . . . . . . . 24
4.2. "no-flow-control" . . . . . . . . . . . . . . . . . . . . 24
4.3. "delay-compression" . . . . . . . . . . . . . . . . . . . 24
5. QUIC Session Setup . . . . . . . . . . . . . . . . . . . . . 25
5.1. Shared Secrets . . . . . . . . . . . . . . . . . . . . . 25
6. Adaptation of SSH to QUIC Streams . . . . . . . . . . . . . . 26
6.1. SSH/QUIC Packet Format . . . . . . . . . . . . . . . . . 26
Show full document text