Using Ed25519 in SSHFP Resource Records
draft-moonesamy-sshfp-ed25519-02

[Ballot comment]
I'm still not super pleased that we're assigning a code point without a spec for how to use this algorithm in SSH.  But I've convinced myself that the design space is constrained enough here that a developer could probably figure things out.  If this does end up getting used, we should come back and make sure it's clear.

[Ballot discuss]
This document seems OK on its own, but I'm kind of perplexed that we're pondering publishing it without any spec for how it should be used (!)  Nobody has bothered to document how Ed25519 is actually used with SSH.  At least not in an RFC, or anything referenced from this document.

It seems like this at least needs a reference to some spec for how Ed25519 is used, and probably also needs to update the other SSH registries so that, e.g., there's a defined key format / algorithm name for Ed25519.

[Ballot comment]
A problem was discussed in detail through the SecDir review and I don't see an update in the draft to reflect that discussion.  It would be good to understand how to make this interoperable - "there is not enough information in the draft to know what goes into the hash that is the subject of the code point assignment.". 

If Stephen's okay with not having that included, since the draft is a code point assignment, I won't argue it, but would like to know if the sentence will be added as listed in response to the SecDir review to state that it isn't specified anywhere:

https://www.ietf.org/mail-archive/web/secdir/current/msg04831.html

> That's a fair point.  I propose adding the following text in Section 2
> as a warning to the reader:
>
>  The format of the ED25519 public key with SHA-256 fingerprint is
>  not documented in an authoritative specification.

IESG/Authors/WG Chairs:

IANA has reviewed draft-moonesamy-sshfp-ed25519-01.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

IANA's reviewer has the following comments/questions:

IANA understands that, upon approval of this document, there is a single action which IANA must complete.

In the SSHFP RR Types for public key algorithms subregistry of the DNS SSHFP Resource Record Parameters registry located at:

http://www.iana.org/assignments/dns-sshfp-rr-parameters/

The following temporary registration will be made permanent by changing the reference from the I-D to the RFC and updating the Description accordingly:

Value: 4
Description: ED25519 (TEMPORARY - expires 2015-05-09)
Reference: [ RFC-to-be ]

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Using ED25519 in SSHFP Resource Records) to Informational RFC


The IESG has received a request from an individual submitter to consider
the following document:
- 'Using ED25519 in SSHFP Resource Records'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-05-29. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The Ed25519 signature algorithm has been implemented in OpenSSH.
  This document updates the IANA "SSHFP RR Types for public key
  algorithms" registry by adding an algorithm number for Ed25519.



The file can be obtained via
http://datatracker.ietf.org/doc/draft-moonesamy-sshfp-ed25519/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-moonesamy-sshfp-ed25519/ballot/


No IPR declarations have been submitted directly on this I-D.

Note that there is no current standardised format for the input
to the hash function here, but there are two implementations
of this so a codepoint is needed and useful. A standard public
key format is likely to be developed in future (but could take
some time) at which point it may make sense to assign another
codepoint, but there are no issues with codepoint scarcity here
so that seems like it will work given the implemeners seem ok
with it, even if its not ideal.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

    The type of RFC being requested is Informational.  The draft contains
    a request for a code point assignment for ED25519 in the SSHFP RR
    Types for public key algorithms registry.  The type is  indicated in
    the title page header.

(2) The approval announcement contains the following sections:

Technical Summary

  This document updates the IANA "SSHFP RR Types for public key
  algorithms" registry by adding an algorithm number for Ed25519.

Working Group Summary

  The document was discussed on the SAAG mailing list.  Comments about the
  Ed25519 signature algorithm were solicited from CFRG.  There was feedback
  about Ed25519 during an interim CFRG meeting.

Document Quality

  The document does not specify a protocol.  The document was reviewed on the
  SAAG and CFRG mailing lists.

Personnel

  Stephen Farrell is the Responsible Area Director.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.
    I have personally reviewed this version of the document.  I believe
    that this version is reading for forwarding to the IESG for publication

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed? 
    This document was discussed on the SAAG and CFRG mailing lists by at least
    five individuals.  There weren't any concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.
    The document does not introduce any additional complexity.  Comments have
    been requested from the ietf-ssh mailing list.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.
    I do not have any specific concerns or issues with the document.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.
    The author confirmed that any and all appropriate IPR disclosures
    required for full conformance with the provisions of BCP 78 and
    BCP 79 have already been filed.


(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.
    There are no IPR disclosures referencing this document.
This is ECC related however, so who knows it may draw out some
IPR declaration.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 
    The document is AD-sponsored.
The old secsh (openssh) WG list has been asked about it and
some support and no objections were received. Saag was asked
with no objections.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)
    Nobody has threatened an appeal or otherwise indicated extreme
    discontent.


(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.
    Id-nits did not list any error.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.
    The document does not require any formal review.


(13) Have all references within this document been identified as
either normative or informative?
    All references within this document been identified as either
    normative or informative.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?
    The document normatively references RFCs and a NIST document.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.
    As the intended document status is Informational there aren't any
    downward references.


(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.
    The publication of this document does not change the status of any
    existing RFCs.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).
    The IANA registry which the document updates is clearly identified.



(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.
    The document does not require Expert Review.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.
    The document does not contain any formal language.