Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH)
draft-ietf-curdle-rsa-sha2-07

Document
  Type: Active Internet-Draft (curdle WG)
  Last updated: 2017-05-03
  Replaces: draft-rsa-dsa-sha2-256
  Stream: IETF
  Intended RFC status: (None)
Stream
  WG state: In WG Last Call
  Document shepherd: Daniel Migault
  Shepherd write-up: last changed 2017-05-26
IESG
  IESG state: I-D Exists
  Consensus Boilerplate: Unknown
  Responsible AD: (None)
  Send notices to: Daniel Migault <daniel.migault@ericsson.com>

Internet-Draft                                                  D. Bider
Updates: 4252, 4253 (if approved)                        Bitvise Limited
Intended status: Standards Track                             May 4, 2017
Expires: November 4, 2017

      Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH)
                   draft-ietf-curdle-rsa-sha2-07.txt

Abstract

  This memo updates RFC 4252 and RFC 4253 to define new public key
  algorithms for use of RSA keys with SHA-2 hashing for server and
  client authentication in SSH connections.

Status

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering Task
  Force (IETF), its areas, and its working groups.  Note that other
  groups may also distribute working documents as Internet-Drafts.

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time. It is inappropriate to use Internet-Drafts as reference material
  or to cite them other than as "work in progress."

  The list of current Internet-Drafts can be accessed at
  http://www.ietf.org/1id-abstracts.html
  
  The list of Internet-Draft Shadow Directories can be accessed at
  http://www.ietf.org/shadow.html

Copyright

  Copyright (c) 2017 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document.  Please review these documents
  carefully, as they describe your rights and restrictions with respect
  to this document.  Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of
  the Trust Legal Provisions and are provided without warranty as
  described in the Simplified BSD License.

Bider                                                           [Page 1]
Internet-Draft         RSA Keys with SHA-2 in SSH               May 2017

  This document may contain material from IETF Documents or IETF
  Contributions published or made publicly available before November 10,
  2008. The person(s) controlling the copyright in some of this material
  may not have granted the IETF Trust the right to allow modifications
  of such material outside the IETF Standards Process. Without obtaining
  an adequate license from the person(s) controlling the copyright in
  such materials, this document may not be modified outside the IETF
  Standards Process, and derivative works of it may not be created
  outside the IETF Standards Process, except to format it for
  publication as an RFC or to translate it into languages other than
  English.

1.  Overview and Rationale

  Secure Shell (SSH) is a common protocol for secure communication on
  the Internet. In [RFC4253], SSH originally defined the public key
  algorithms "ssh-rsa" for server and client authentication using RSA
  with SHA-1, and "ssh-dss" using 1024-bit DSA and SHA-1.
   
  A decade later, these algorithms are considered deficient. For US
  government use, NIST has disallowed 1024-bit RSA and DSA, and use of
  SHA-1 for signing [800-131A].
   
  This memo defines new public key algorithms allowing for interoperable
  use of existing and new RSA keys with SHA-2 hashing.

1.1.  Requirements Terminology

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
  document are to be interpreted as described in [RFC2119].

1.2.  Wire Encoding Terminology

  The wire encoding types in this document - "boolean", "byte",
  "string", "mpint" - have meanings as described in [RFC4251].

2.  Public Key Format vs. Public Key Algorithm

  In [RFC4252], the concept "public key algorithm" is used to establish
  a relationship between one algorithm name, and:
  
  A. Procedures used to generate and validate a private/public keypair.
  B. A format used to encode a public key.
  C. Procedures used to calculate, encode, and verify a signature.
  
  This document uses the term "public key format" to identify only A and
  B in isolation. The term "public key algorithm" continues to identify
  all three aspects A, B, and C.
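
  Added example (not part of this draft): a parser for the "ssh-rsa"
  public key format of [RFC4253], built from the "string" and "mpint"
  wire types of [RFC4251]. It covers aspect B above and stops short of
  aspect C. The helper names and the toy key values are constructed for
  illustration.

```python
import struct

def put_string(data: bytes) -> bytes:
    # RFC 4251 "string": uint32 big-endian length, then the raw bytes.
    return struct.pack(">I", len(data)) + data

def put_mpint(value: int) -> bytes:
    # RFC 4251 "mpint", non-negative values only (all that RSA needs).
    # The +8 reserves a sign bit, so 0x00 is prepended when the top bit is set.
    if value < 0:
        raise ValueError("negative mpint not supported in this example")
    return put_string(value.to_bytes((value.bit_length() + 8) // 8, "big") if value else b"")

def get_string(buf: bytes, off: int):
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:end], end

def get_mpint(buf: bytes, off: int):
    raw, off = get_string(buf, off)
    # RFC 4251 forbids unnecessary leading 0x00 / 0xff bytes; reject them.
    if raw[:1] == b"\x00" and (len(raw) == 1 or raw[1] < 0x80):
        raise ValueError("mpint has unnecessary leading zero")
    if len(raw) > 1 and raw[0] == 0xFF and raw[1] >= 0x80:
        raise ValueError("mpint has unnecessary leading 0xff")
    return int.from_bytes(raw, "big", signed=True), off

def parse_ssh_rsa_key(blob: bytes) -> dict:
    # Public key format "ssh-rsa" (RFC 4253): string name, mpint e, mpint n.
    name, off = get_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("not an ssh-rsa format key")
    e, off = get_mpint(blob, off)
    n, off = get_mpint(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    if e <= 0 or n <= 0:
        raise ValueError("RSA parameters must be positive")
    return {"format": name.decode(), "e": e, "n": n, "bits": n.bit_length()}

# Constructed toy values, far too small for real use; N has its top bit set.
E, N = 65537, 0xD1E5A7B3C9F01357
SAMPLE_BLOB = put_string(b"ssh-rsa") + put_mpint(E) + put_mpint(N)

if __name__ == "__main__":
    print(parse_ssh_rsa_key(SAMPLE_BLOB))
```

  The parser returns only the key material and its format name; nothing
  in the blob says which hash a signature made with the key will use,
  which is the part the term "public key algorithm" adds.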
