Extension Negotiation in Secure Shell (SSH)
draft-ietf-curdle-ssh-ext-info-14

Document Type Active Internet-Draft (curdle WG)
Last updated 2017-09-14
Replaces draft-ssh-ext-info
Stream IETF
Intended RFC status Proposed Standard
Formats plain text pdf html bibtex
Reviews GENART will not review this version
Stream WG state Submitted to IESG for Publication
Document shepherd Daniel Migault
Shepherd write-up Show (last changed 2017-06-01)
IESG IESG state IESG Evaluation::AD Followup
Consensus Boilerplate Yes
Telechat date
Has enough positions to pass.
Responsible AD Eric Rescorla
Send notices to Daniel Migault <daniel.migault@ericsson.com>
IANA IANA review state Version Changed - Review Needed
IANA action state None
Internet-Draft                                                  D. Bider
Updates: 4252, 4253, 4254 (if approved)                  Bitvise Limited
Intended status: Standards Track                      September 14, 2017
Expires: March 14, 2018

               Extension Negotiation in Secure Shell (SSH)
                  draft-ietf-curdle-ssh-ext-info-14.txt

Abstract

  This memo updates RFC 4252, RFC 4253, and RFC 4254 to define a
  mechanism for SSH clients and servers to exchange information about
  supported protocol extensions confidentially after SSH key exchange.

Status

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering Task
  Force (IETF), its areas, and its working groups.  Note that other
  groups may also distribute working documents as Internet-Drafts.

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time. It is inappropriate to use Internet-Drafts as reference material
  or to cite them other than as "work in progress."

  The list of current Internet-Drafts can be accessed at
  http://www.ietf.org/1id-abstracts.html
  
  The list of Internet-Draft Shadow Directories can be accessed at
  http://www.ietf.org/shadow.html

Copyright

  Copyright (c) 2017 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document.  Please review these documents
  carefully, as they describe your rights and restrictions with respect
  to this document.  Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of
  the Trust Legal Provisions and are provided without warranty as
  described in the Simplified BSD License.

Bider                                                           [Page 1]
Internet-Draft        Extension Negotiation in SSH        September 2017

Table of Contents

  1. Overview and Rationale ...........................................3
      1.1. Requirements Terminology ...................................3
      1.2. Wire Encoding Terminology ..................................3
  2. Extension Negotiation Mechanism ..................................3
     2.1. Signaling of Extension Negotiation in SSH_MSG_KEXINIT .......3
     2.2. Enabling Criteria ...........................................4
     2.3. SSH_MSG_EXT_INFO Message ....................................4
     2.4. Message Order ...............................................4
     2.5. Interpretation of Extension Names and Values ................5
  3. Initially Defined Extensions .....................................6
     3.1. "server-sig-algs" ...........................................6
     3.2. "delay-compression" .........................................7
          3.2.1. Awkwardly Timed Key Re-Exchange ......................8
          3.2.2. Subsequent Re-Exchange ...............................8
          3.2.3. Compatibility Note: OpenSSH up to 7.5 ................8
     3.3. "no-flow-control" ...........................................9
          3.3.1. Prior "No Flow Control" Practice .....................9
     3.4. "elevation" ................................................10
  4. IANA Considerations .............................................11
     4.1. Additions to existing tables ...............................11
     4.2. New table: Extension Names .................................11
          4.2.1. Future Assignments to Extension Names ...............11
  5. Security Considerations .........................................11
  6. References ......................................................12
     6.1. Normative References .......................................12
     6.2. Informative References .....................................12
  Author's Address ...................................................13
  Acknowledgments ....................................................13

Bider                                                           [Page 2]
Internet-Draft        Extension Negotiation in SSH        September 2017

1.  Overview and Rationale

  Secure Shell (SSH) is a common protocol for secure communication on
  the Internet. The original design of the SSH transport layer [RFC4253]
  lacks proper extension negotiation. Meanwhile, diverse implementations
  take steps to ensure that known message types contain no unrecognized
  information. This makes it difficult for implementations to signal
Show full document text