This document adds entries to the registries defined in RFC 4255, defining how to
provide fingerprints for Secure Shell (SSH) Elliptic Curve Digital Signature
Algorithm (ECDSA) public keys, as per RFC 6090, and to use the SHA-256
manifest digest algorithm for public key fingerprints in SSHFP Resource Records.
These algorithms have been already added into the Secure Shell protocol
and this document adds support for the newly supported algorithms
in the DNS SSHFP Resource Records.
Working Group Summary
This is not the product of a working group but has been reviewed on
the saag and openssh lists. Only messages supportive of publication
resulted. (Not many but enough and no objections.) IETF LC
comments received have already been taken into account.
There is an existing implementation available as a patch for OpenSSH
that allows OpenSSH to use the new SSHFP capabilities. This patch has
been provided by the author of this document and it is available under
the same licensing terms as OpenSSH.
Elwyn Davies is the document shepherd.
Stephen Farrell is the responsible AD.