Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records
RFC 6594

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>
Subject: Protocol Action: 'Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource Records' to Proposed Standard (draft-os-ietf-sshfp-ecdsa-sha2-07.txt)

The IESG has approved the following document:
- 'Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource
  Records' (draft-os-ietf-sshfp-ecdsa-sha2-07.txt) as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Stephen Farrell.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

    This document adds entries to the registries defined in RFC 4255, defining how to 
    provide fingerprints for Secure Shell (SSH) Elliptic Curve Digital Signature 
    Algorithm (ECDSA) public keys, as per RFC 6090, and to use the SHA-256 
    manifest digest algorithm for public key fingerprints in SSHFP Resource Records. 
    These algorithms have already been added into the Secure Shell protocol
    and this document adds support for the newly supported algorithms
    in the DNS SSHFP Resource Records.

Working Group Summary

    This is not the product of a working group but has been reviewed on
    the saag and openssh lists. Only messages supportive of publication
    resulted. (Not many but enough and no objections.) IETF LC
    comments received have already been taken into account.

Document Quality

    There is an existing implementation available as a patch for OpenSSH
    that allows OpenSSH to use the new SSHFP capabilities.  This patch has
    been provided by the author of this document and it is available under
    the same licensing terms as OpenSSH.


    Elwyn Davies is the document shepherd.
    Stephen Farrell is the responsible AD.

RFC Editor Note