<?xmlversion="1.0" encoding="ISO-8859-1"?> <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ <!ENTITY rfc2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY rfc2629 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2629.xml"> <!ENTITY rfc4250 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4250.xml"> <!ENTITY rfc4251 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4251.xml"> <!ENTITY rfc4253 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4253.xml"> <!ENTITY rfc4255 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4255.xml"> <!ENTITY rfc6594 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6594.xml"> <!ENTITY rfc7479 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7479.xml"> <!ENTITY rfc8032 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8032.xml"> <!ENTITY rfc8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"> ]> <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> <?rfc strict="yes" ?> <?rfc toc="no"?> <?rfc tocdepth="4"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes" ?> <?rfc compact="yes" ?> <?rfc subcompact="no" ?>version='1.0' encoding='utf-8'?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="std" consensus="true" docName="draft-ietf-curdle-ssh-ed25519-ed448-11"updates="RFC4253" ipr="trust200902">indexInclude="true" ipr="trust200902" number="8709" prepTime="2020-02-25T16:08:14" scripts="Common,Latin" sortRefs="true" submissionType="IETF" symRefs="true" tocDepth="4" tocInclude="true" updates="4253" xml:lang="en"> <link href="https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ed25519-ed448-11" rel="prev"/> <link href="https://dx.doi.org/10.17487/rfc8709" rel="alternate"/> <link href="urn:issn:2070-1721" rel="alternate"/> <front> <title abbrev="Ed25519 and Ed448 forSSH"> Ed25519SSH">Ed25519 and Ed448public key algorithmsPublic Key Algorithms for the Secure Shell (SSH)protocol </title>Protocol</title> <seriesInfo name="RFC" value="8709" stream="IETF"/> <author initials="B." surname="Harris" fullname="Ben Harris"> <address> <postal> <street>2A Eachard Road</street><city>CAMBRIDGE</city><city>Cambridge</city> <code>CB3 0HY</code><country>UNITED KINGDOM</country><country>United Kingdom</country> </postal> <email>bjh21@bjh21.me.uk</email> </address> </author> <author initials="L." surname="Velvindron" fullname="Loganaden Velvindron"><organization> cyberstorm.mu</organization><organization showOnFrontPage="true">cyberstorm.mu</organization> <address> <postal> <street>88, Avenue De Plevitz</street> <city>Roches Brunes</city> <country>Mauritius</country> </postal> <email>logan@cyberstorm.mu</email> </address> </author> <dateyear="2019" /> <workgroup>Internet Engineering Task Force</workgroup> <abstract> <t>month="02" year="2020"/> <workgroup>curdle</workgroup> <abstract pn="section-abstract"> <t pn="section-abstract-1"> This document describes the use of the Ed25519 and Ed448 digital signaturealgorithmalgorithms in the Secure Shell (SSH) protocol. Accordingly, this RFC updates RFC 4253. </t> </abstract> <boilerplate> <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.1"> <name slugifiedName="name-status-of-this-memo">Status of This Memo</name> <t pn="section-boilerplate.1-1"> This is an Internet Standards Track document. </t> <t pn="section-boilerplate.1-2"> This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. </t> <t pn="section-boilerplate.1-3"> Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at <eref target="https://www.rfc-editor.org/info/rfc8709" brackets="none"/>. </t> </section> <section anchor="copyright" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.2"> <name slugifiedName="name-copyright-notice">Copyright Notice</name> <t pn="section-boilerplate.2-1"> Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. </t> <t pn="section-boilerplate.2-2"> This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<eref target="https://trustee.ietf.org/license-info" brackets="none"/>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. </t> </section> </boilerplate> <toc> <section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" pn="section-toc.1"> <name slugifiedName="name-table-of-contents">Table of Contents</name> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1"> <li pn="section-toc.1-1.1"> <t keepWithNext="true" pn="section-toc.1-1.1.1"><xref derivedContent="1" format="counter" sectionFormat="of" target="section-1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-introduction">Introduction</xref></t> </li> <li pn="section-toc.1-1.2"> <t keepWithNext="true" pn="section-toc.1-1.2.1"><xref derivedContent="2" format="counter" sectionFormat="of" target="section-2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-conventions-used-in-this-do">Conventions Used in This Document</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.2.2"> <li pn="section-toc.1-1.2.2.1"> <t keepWithNext="true" pn="section-toc.1-1.2.2.1.1"><xref derivedContent="2.1" format="counter" sectionFormat="of" target="section-2.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-requirements-language">Requirements Language</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.3"> <t keepWithNext="true" pn="section-toc.1-1.3.1"><xref derivedContent="3" format="counter" sectionFormat="of" target="section-3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-public-key-algorithm">Public Key Algorithm</xref></t> </li> <li pn="section-toc.1-1.4"> <t keepWithNext="true" pn="section-toc.1-1.4.1"><xref derivedContent="4" format="counter" sectionFormat="of" target="section-4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-public-key-format">Public Key Format</xref></t> </li> <li pn="section-toc.1-1.5"> <t keepWithNext="true" pn="section-toc.1-1.5.1"><xref derivedContent="5" format="counter" sectionFormat="of" target="section-5"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-signature-algorithm">Signature Algorithm</xref></t> </li> <li pn="section-toc.1-1.6"> <t keepWithNext="true" pn="section-toc.1-1.6.1"><xref derivedContent="6" format="counter" sectionFormat="of" target="section-6"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-signature-format">Signature Format</xref></t> </li> <li pn="section-toc.1-1.7"> <t keepWithNext="true" pn="section-toc.1-1.7.1"><xref derivedContent="7" format="counter" sectionFormat="of" target="section-7"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-verification-algorithm">Verification Algorithm</xref></t> </li> <li pn="section-toc.1-1.8"> <t keepWithNext="true" pn="section-toc.1-1.8.1"><xref derivedContent="8" format="counter" sectionFormat="of" target="section-8"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-sshfp-dns-resource-records">SSHFP DNS Resource Records</xref></t> </li> <li pn="section-toc.1-1.9"> <t keepWithNext="true" pn="section-toc.1-1.9.1"><xref derivedContent="9" format="counter" sectionFormat="of" target="section-9"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-iana-considerations">IANA Considerations</xref></t> </li> <li pn="section-toc.1-1.10"> <t keepWithNext="true" pn="section-toc.1-1.10.1"><xref derivedContent="10" format="counter" sectionFormat="of" target="section-10"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-security-considerations">Security Considerations</xref></t> </li> <li pn="section-toc.1-1.11"> <t keepWithNext="true" pn="section-toc.1-1.11.1"><xref derivedContent="11" format="counter" sectionFormat="of" target="section-11"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-references">References</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.11.2"> <li pn="section-toc.1-1.11.2.1"> <t keepWithNext="true" pn="section-toc.1-1.11.2.1.1"><xref derivedContent="11.1" format="counter" sectionFormat="of" target="section-11.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-normative-references">Normative References</xref></t> </li> <li pn="section-toc.1-1.11.2.2"> <t keepWithNext="true" pn="section-toc.1-1.11.2.2.1"><xref derivedContent="11.2" format="counter" sectionFormat="of" target="section-11.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-informative-references">Informative References</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.12"> <t keepWithNext="true" pn="section-toc.1-1.12.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.a"/><xref derivedContent="" format="title" sectionFormat="of" target="name-acknowledgements">Acknowledgements</xref></t> </li> <li pn="section-toc.1-1.13"> <t keepWithNext="true" pn="section-toc.1-1.13.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.b"/><xref derivedContent="" format="title" sectionFormat="of" target="name-authors-addresses">Authors' Addresses</xref></t> </li> </ul> </section> </toc> </front> <middle> <sectiontitle="Introduction"> <t>numbered="true" toc="include" removeInRFC="false" pn="section-1"> <name slugifiedName="name-introduction">Introduction</name> <t pn="section-1-1"> Secure Shell (SSH) <xreftarget="RFC4251"/>target="RFC4251" format="default" sectionFormat="of" derivedContent="RFC4251"/> is a secure remote-login protocol. It provides for an extensible variety of public key algorithms for identifying servers and users to one another. Ed25519 <xreftarget="RFC8032"/>target="RFC8032" format="default" sectionFormat="of" derivedContent="RFC8032"/> is a digital signature system. OpenSSH 6.5 <xreftarget="OpenSSH-6.5"/>target="OpenSSH-6.5" format="default" sectionFormat="of" derivedContent="OpenSSH-6.5"/> introduced support for using Ed25519 for server and user authentication and was then followed by other SSH implementations. </t><t><t pn="section-1-2"> This document describes the method implemented by OpenSSH andothers,others and formalizesitsthe use of the name "ssh-ed25519". Additionally,it alsothis document describes the use of Ed448 and formalizesitsthe use of the name "ssh-ed448". </t><t> [TO BE REMOVED: Please send comments on this draft to curdle@ietf.org.] </t></section> <sectiontitle="Conventionsnumbered="true" toc="include" removeInRFC="false" pn="section-2"> <name slugifiedName="name-conventions-used-in-this-do">Conventions Used in ThisDocument"> <t>Document</name> <t pn="section-2-1"> The descriptions of key and signature formats use the notation introduced in <xreftarget="RFC4251">[RFC4251], Section 3</xref>target="RFC4251" sectionFormat="comma" section="3" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4251#section-3" derivedContent="RFC4251"/> and the string data type from <xreftarget="RFC4251">[RFC4251], Section 5</xref>.target="RFC4251" sectionFormat="comma" section="5" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4251#section-5" derivedContent="RFC4251"/>. </t> <sectiontitle="Requirements Language"> <t>Thenumbered="true" toc="include" removeInRFC="false" pn="section-2.1"> <name slugifiedName="name-requirements-language">Requirements Language</name> <t pn="section-2.1-1"> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xreftarget="RFC2119">RFC 2119</xref> <xref target="RFC8174">RFC 8174</xref>target="RFC2119" format="default" sectionFormat="of" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFormat="of" derivedContent="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> </section> <sectiontitle="Publicnumbered="true" toc="include" removeInRFC="false" pn="section-3"> <name slugifiedName="name-public-key-algorithm">Public KeyAlgorithm"> <t>Algorithm</name> <t pn="section-3-1"> This document describes a public key algorithm for use withSSH in accordance withSSH, as per <xreftarget="RFC4253">[RFC4253], Section 6.6</xref>.target="RFC4253" sectionFormat="comma" section="6.6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4253#section-6.6" derivedContent="RFC4253"/>. The name of the algorithm is "ssh-ed25519". This algorithm only supports signing and not encryption. </t><t><t pn="section-3-2"> Additionally, this document describes another public key algorithm. The name of the algorithm is "ssh-ed448". This algorithm only supports signing and not encryption. </t><t><t pn="section-3-3"> Standard implementations of SSHSHOULD<bcp14>SHOULD</bcp14> implement these signature algorithms. </t> </section> <sectiontitle="Publicnumbered="true" toc="include" removeInRFC="false" pn="section-4"> <name slugifiedName="name-public-key-format">Public KeyFormat"> <figure> <preamble>Format</name> <t pn="section-4-1"> The "ssh-ed25519" key format has the following encoding:</preamble> <artwork> string "ssh-ed25519" string key </artwork> </figure> <t> Here</t> <dl newline="false" spacing="normal" indent="6" pn="section-4-2"> <dt pn="section-4-2.1">string</dt> <dd pn="section-4-2.2">"ssh-ed25519"</dd> <dt pn="section-4-2.3">string</dt> <dd pn="section-4-2.4">key</dd> </dl> <t pn="section-4-3"> Here, 'key' is the 32-octet public key describedbyin <xreftarget="RFC8032">[RFC8032], Section 5.1.5</xref>.target="RFC8032" sectionFormat="comma" section="5.1.5" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.5" derivedContent="RFC8032"/>. </t><figure> <preamble><t pn="section-4-4"> The "ssh-ed448" key format has the following encoding:</preamble> <artwork> string "ssh-ed448" string key </artwork> </figure> <t> Here</t> <dl newline="false" spacing="normal" indent="6" pn="section-4-5"> <dt pn="section-4-5.1">string</dt> <dd pn="section-4-5.2">"ssh-ed448"</dd> <dt pn="section-4-5.3">string</dt> <dd pn="section-4-5.4">key</dd> </dl> <t pn="section-4-6"> Here, 'key' is the 57-octet public key describedbyin <xreftarget="RFC8032">[RFC8032], Section 5.2.5</xref>.target="RFC8032" sectionFormat="comma" section="5.2.5" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.5" derivedContent="RFC8032"/>. </t> </section> <sectiontitle="Signature Algorithm"> <t>numbered="true" toc="include" removeInRFC="false" pn="section-5"> <name slugifiedName="name-signature-algorithm">Signature Algorithm</name> <t pn="section-5-1"> Signatures are generated according to the procedure in Sections <xreftarget="RFC8032">[RFC8032], Section 5.1.6 and Section 5.2.6 </xref>.target="RFC8032" sectionFormat="bare" section="5.1.6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.6" derivedContent="RFC8032"/> and <xref target="RFC8032" sectionFormat="bare" section="5.2.6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.6" derivedContent="RFC8032"/> of <xref target="RFC8032" format="default" sectionFormat="of" derivedContent="RFC8032"/>. </t> </section> <sectiontitle="Signature Format"> <figure> <preamble>numbered="true" toc="include" removeInRFC="false" pn="section-6"> <name slugifiedName="name-signature-format">Signature Format</name> <t pn="section-6-1"> The "ssh-ed25519" key format has the following encoding:</preamble> <artwork> string "ssh-ed25519" string signature </artwork> </figure> <t> Here</t> <dl newline="false" spacing="normal" indent="6" pn="section-6-2"> <dt pn="section-6-2.1">string</dt> <dd pn="section-6-2.2">"ssh-ed25519"</dd> <dt pn="section-6-2.3">string</dt> <dd pn="section-6-2.4">signature</dd> </dl> <t pn="section-6-3"> Here, 'signature' is the 64-octet signature produced in accordance with <xreftarget="RFC8032">[RFC8032], Section 5.1.6</xref>.target="RFC8032" sectionFormat="comma" section="5.1.6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.6" derivedContent="RFC8032"/>. </t><figure> <preamble><t pn="section-6-4"> The "ssh-ed448" key format has the following encoding:</preamble> <artwork> string "ssh-ed448" string signature </artwork> </figure> <t> Here</t> <dl newline="false" spacing="normal" indent="6" pn="section-6-5"> <dt pn="section-6-5.1">string</dt> <dd pn="section-6-5.2">"ssh-ed448"</dd> <dt pn="section-6-5.3">string</dt> <dd pn="section-6-5.4">signature</dd> </dl> <t pn="section-6-6"> Here, 'signature' is the 114-octet signature produced in accordance with <xreftarget="RFC8032">[RFC8032], Section 5.2.6</xref>.target="RFC8032" sectionFormat="comma" section="5.2.6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.6" derivedContent="RFC8032"/>. </t> </section> <sectiontitle="Verification Algorithm"> <t>numbered="true" toc="include" removeInRFC="false" pn="section-7"> <name slugifiedName="name-verification-algorithm">Verification Algorithm</name> <t pn="section-7-1"> Ed25519 signatures are verified according to the procedure in <xreftarget="RFC8032">[RFC8032], Section 5.1.7</xref>.target="RFC8032" sectionFormat="comma" section="5.1.7" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.7" derivedContent="RFC8032"/>. </t><t><t pn="section-7-2"> Ed448 signatures are verified according to the procedure in <xreftarget="RFC8032">[RFC8032], Section 5.2.7</xref>.target="RFC8032" sectionFormat="comma" section="5.2.7" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.7" derivedContent="RFC8032"/>. </t> </section> <sectiontitle="SSHFPnumbered="true" toc="include" removeInRFC="false" pn="section-8"> <name slugifiedName="name-sshfp-dns-resource-records">SSHFP DNSresource records"> <t>Resource Records</name> <t pn="section-8-1"> Usage and generation of the SSHFP DNS resource record is described in <xreftarget="RFC4255"></xref>.target="RFC4255" format="default" sectionFormat="of" derivedContent="RFC4255"/>. The generation of SSHFP resource records for "ssh-ed25519" keys is described in <xreftarget="RFC7479">target="RFC7479" format="default" sectionFormat="of" derivedContent="RFC7479"> </xref>. This section illustrates the generation of SSHFP resource records for "ssh-ed448"keyskeys, andthethis document also specifies the corresponding Ed448 code point tothe"SSHFP RR Types for public key algorithms"IANA registry. </t> <t> The generation of SSHFP resource records for "ssh-ed25519" keys is describedin the "DNS SSHFP Resource Record Parameters" IANA registry <xreftarget="RFC7479"/>.target="IANA-SSHFP" format="default" sectionFormat="of" derivedContent="IANA-SSHFP"/>. </t><t><t pn="section-8-2"> The generation of SSHFP resource records for "ssh-ed448" keys is described as follows. </t><t><t pn="section-8-3"> The encoding of Ed448 public keys is described in <xreftarget="ED448"></xref>.target="ED448" format="default" sectionFormat="of" derivedContent="ED448"/>. In brief, an Ed448 public key is a 57-octet value representing a 455-bit y-coordinate of an elliptic curve point, and a sign bit indicating thethecorresponding x-coordinate. </t><t><t pn="section-8-4"> The SSHFP Resource Record for the Ed448 public key with SHA-256 fingerprintwouldwould, forexampleexample, be: </t><t><artwork align="left" pn="section-8-5"> example.com. IN SSHFPTBD6 2 ( a87f1b687ac0e57d2a081a2f2826723 34d90ed316d2b818ca9580ea384d924 01 )</t> <t></artwork> <t pn="section-8-6"> The2'2' here indicates SHA-256 <xreftarget="RFC6594"></xref>.target="RFC6594" format="default" sectionFormat="of" derivedContent="RFC6594"/>. </t> </section> <sectiontitle="IANA Considerations"> <t>Thisnumbered="true" toc="include" removeInRFC="false" pn="section-9"> <name slugifiedName="name-iana-considerations">IANA Considerations</name> <t pn="section-9-1"> This document augments the Public Key Algorithm Names in <xreftarget="RFC4250">[RFC4250], Section 4.6.2</xref>.target="RFC4250" sectionFormat="comma" section="4.11.3" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4250#section-4.11.3" derivedContent="RFC4250"/>. </t><t><t pn="section-9-2"> IANAis requested to add tohas added thePublicfollowing entry to "Public Key AlgorithmNamesNames" in the "Secure Shell (SSH) Protocol Parameters" registry <xreftarget="IANA-PKA"/> with the following entry: </t> <texttable style="headers"> <ttcol>Publictarget="IANA-SSH" format="default" sectionFormat="of" derivedContent="IANA-SSH"/>: </t> <table align="center" pn="table-1"> <thead> <tr> <th align="left" colspan="1" rowspan="1">Public Key AlgorithmName</ttcol><ttcol>Reference</ttcol> <c>ssh-ed25519</c><c>This Draft</c> <c>ssh-ed448</c><c>This Draft</c> </texttable> <t>Name</th> <th align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">ssh-ed25519</td> <td align="left" colspan="1" rowspan="1">RFC 8709</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">ssh-ed448</td> <td align="left" colspan="1" rowspan="1">RFC 8709</td> </tr> </tbody> </table> <t pn="section-9-4"> IANAis requested to addhas added the following entry tothe"SSHFP RR Types for public key algorithms" in the "DNS SSHFP Resource Record Parameters" registry <xreftarget="IANA-SSHFP"></xref>: </t> <t>+--------+-------------+------------+</t> <t>| Value | Description | Reference |</t> <t>+--------+-------------+------------+</t> <t>| TBD | Ed448 | [this-draft] |</t> <t>+--------+-------------+------------+</t> <t> We strongly suggest 6 as value. </t> <t> [TO BE REMOVED: This registration should take place at the following location: <http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19>] </t>target="IANA-SSHFP" format="default" sectionFormat="of" derivedContent="IANA-SSHFP"/>: </t> <table align="center" pn="table-2"> <thead> <tr> <th align="left" colspan="1" rowspan="1">Value</th> <th align="left" colspan="1" rowspan="1">Description</th> <th align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">6</td> <td align="left" colspan="1" rowspan="1">Ed448</td> <td align="left" colspan="1" rowspan="1">RFC 8709</td> </tr> </tbody> </table> </section> <sectiontitle="Security Considerations"> <t>numbered="true" toc="include" removeInRFC="false" pn="section-10"> <name slugifiedName="name-security-considerations">Security Considerations</name> <t pn="section-10-1"> The security considerations in <xreftarget="RFC4251"> [RFC4251], Section 9</xref>target="RFC4251" sectionFormat="comma" section="9" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4251#section-9" derivedContent="RFC4251"/> apply to all SSH implementations, including those using Ed25519 and Ed448. </t><t><t pn="section-10-2"> The security considerations in <xreftarget="RFC8032"> [RFC8032], Section 8</xref>target="RFC8032" sectionFormat="comma" section="8" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-8" derivedContent="RFC8032"/> and <xreftarget="RFC7479">target="RFC7479" sectionFormat="comma" section="3" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7479#section-3" derivedContent="RFC7479"> </xref> apply to all uses of Ed25519 andEd448Ed448, including those inSSH. </t> </section> <section title="Acknowledgements"> <t> The OpenSSHSSH. </t> </section> </middle> <back> <references pn="section-11"> <name slugifiedName="name-references">References</name> <references pn="section-11.1"> <name slugifiedName="name-normative-references">Normative References</name> <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" quoteTitle="true" derivedAnchor="RFC2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <author initials="S." surname="Bradner" fullname="S. Bradner"> <organization showOnFrontPage="true"/> </author> <date year="1997" month="March"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <reference anchor="RFC4250" target="https://www.rfc-editor.org/info/rfc4250" quoteTitle="true" derivedAnchor="RFC4250"> <front> <title>The Secure Shell (SSH) Protocol Assigned Numbers</title> <author initials="S." surname="Lehtinen" fullname="S. Lehtinen"> <organization showOnFrontPage="true"/> </author> <author initials="C." surname="Lonvick" fullname="C. Lonvick" role="editor"> <organization showOnFrontPage="true"/> </author> <date year="2006" month="January"/> <abstract> <t>This document defines the instructions to the IANA and the initial state of the IANA assigned numbers for the Secure Shell (SSH) protocol. It is intended only for the initialization of the IANA registries referenced in the set of SSH documents. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4250"/> <seriesInfo name="DOI" value="10.17487/RFC4250"/> </reference> <reference anchor="RFC4251" target="https://www.rfc-editor.org/info/rfc4251" quoteTitle="true" derivedAnchor="RFC4251"> <front> <title>The Secure Shell (SSH) Protocol Architecture</title> <author initials="T." surname="Ylonen" fullname="T. Ylonen"> <organization showOnFrontPage="true"/> </author> <author initials="C." surname="Lonvick" fullname="C. Lonvick" role="editor"> <organization showOnFrontPage="true"/> </author> <date year="2006" month="January"/> <abstract> <t>The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network. This document describes the architecture of the SSH protocol, as well as the notation and terminology used in SSH protocol documents. It also discusses the SSH algorithm naming system that allows local extensions. The SSH protocol consists of three major components: The Transport Layer Protocol provides server authentication, confidentiality, and integrity with perfect forward secrecy. The User Authentication Protocol authenticates the client to the server. The Connection Protocol multiplexes the encrypted tunnel into several logical channels. Details of these protocols are described in separate documents. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4251"/> <seriesInfo name="DOI" value="10.17487/RFC4251"/> </reference> <reference anchor="RFC4253" target="https://www.rfc-editor.org/info/rfc4253" quoteTitle="true" derivedAnchor="RFC4253"> <front> <title>The Secure Shell (SSH) Transport Layer Protocol</title> <author initials="T." surname="Ylonen" fullname="T. Ylonen"> <organization showOnFrontPage="true"/> </author> <author initials="C." surname="Lonvick" fullname="C. Lonvick" role="editor"> <organization showOnFrontPage="true"/> </author> <date year="2006" month="January"/> <abstract> <t>The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network.</t> <t>This document describes the SSH transport layer protocol, which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression.</t> <t>Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated.</t> <t>This document also describes the Diffie-Hellman key exchange method and the minimal set of algorithms that are needed to implement the SSH transport layer protocol. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4253"/> <seriesInfo name="DOI" value="10.17487/RFC4253"/> </reference> <reference anchor="RFC4255" target="https://www.rfc-editor.org/info/rfc4255" quoteTitle="true" derivedAnchor="RFC4255"> <front> <title>Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints</title> <author initials="J." surname="Schlyter" fullname="J. Schlyter"> <organization showOnFrontPage="true"/> </author> <author initials="W." surname="Griffin" fullname="W. Griffin"> <organization showOnFrontPage="true"/> </author> <date year="2006" month="January"/> <abstract> <t>This document describes a method of verifying Secure Shell (SSH) host keys using Domain Name System Security (DNSSEC). The document defines a new DNS resource record that contains a standard SSH key fingerprint. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4255"/> <seriesInfo name="DOI" value="10.17487/RFC4255"/> </reference> <reference anchor="RFC6594" target="https://www.rfc-editor.org/info/rfc6594" quoteTitle="true" derivedAnchor="RFC6594"> <front> <title>Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records</title> <author initials="O." surname="Sury" fullname="O. Sury"> <organization showOnFrontPage="true"/> </author> <date year="2012" month="April"/> <abstract> <t>This document updates the IANA registries in RFC 4255, which defines SSHFP, a DNS Resource Record (RR) that contains a standard Secure Shell (SSH) key fingerprint used to verify SSH host keys using DNS Security Extensions (DNSSEC). This document defines additional options supporting SSH public keys applying the Elliptic Curve Digital Signature Algorithm (ECDSA) and the implementation ofEd25519fingerprints computed using the SHA-256 message digest algorithm inSSH was written by Markus Friedl. WeSSHFP Resource Records. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="6594"/> <seriesInfo name="DOI" value="10.17487/RFC6594"/> </reference> <reference anchor="RFC8032" target="https://www.rfc-editor.org/info/rfc8032" quoteTitle="true" derivedAnchor="RFC8032"> <front> <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title> <author initials="S." surname="Josefsson" fullname="S. Josefsson"> <organization showOnFrontPage="true"/> </author> <author initials="I." surname="Liusvaara" fullname="I. Liusvaara"> <organization showOnFrontPage="true"/> </author> <date year="2017" month="January"/> <abstract> <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors arealso gratefulprovided.</t> </abstract> </front> <seriesInfo name="RFC" value="8032"/> <seriesInfo name="DOI" value="10.17487/RFC8032"/> </reference> <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" quoteTitle="true" derivedAnchor="RFC8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <author initials="B." surname="Leiba" fullname="B. Leiba"> <organization showOnFrontPage="true"/> </author> <date year="2017" month="May"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims toMark Baushke, Benjamin Kaduk and Daniel Migault for their comments. </t> </section> </middle> <back> <references title="Normative References"> &rfc2119; &rfc4250; &rfc4251; &rfc4253; &rfc4255; &rfc6594; &rfc8032; &rfc8174;reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference> </references> <referencestitle="Informative References">pn="section-11.2"> <name slugifiedName="name-informative-references">Informative References</name> <reference anchor="ED448" target="https://eprint.iacr.org/2015/625.pdf" quoteTitle="true" derivedAnchor="ED448"> <front> <title>Ed448-Goldilocks, a new elliptic curve</title> <author surname="Hamburg" initials="M." fullname="Mike Hamburg"/> <date month="January" year="2015"/> </front> </reference> <referenceanchor="IANA-PKA" target="http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19">anchor="IANA-SSH" target="https://www.iana.org/assignments/ssh-parameters" quoteTitle="true" derivedAnchor="IANA-SSH"> <front> <title>Secure Shell (SSH) ProtocolParameters: Public Key Algorithm Names</title>Parameters</title> <author><organization>Internet Assigned Numbers Authority (IANA) </organization><organization showOnFrontPage="true">IANA</organization> </author><date month="May" year="2017"/></front> </reference> <reference anchor="IANA-SSHFP"target="https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml#dns-sshfp-rr-parameters-1">target="https://www.iana.org/assignments/dns-sshfp-rr-parameters" quoteTitle="true" derivedAnchor="IANA-SSHFP"> <front><title>Secure Shell (SSH) Protocol Parameters: Public Key Algorithm Names</title><title>DNS SSHFP Resource Record Parameters</title> <author><organization>Internet Assigned Numbers Authority (IANA) </organization><organization showOnFrontPage="true">IANA</organization> </author><date month="May" year="2017"/></front> </reference>&rfc7479;<reference anchor="OpenSSH-6.5"target="http://www.openssh.com/txt/release-6.5">target="http://www.openssh.com/txt/release-6.5" quoteTitle="true" derivedAnchor="OpenSSH-6.5"> <front> <title>OpenSSH 6.5 release notes</title> <author surname="Friedl" initials="M." fullname="Marcus Friedl"/> <author surname="Provos" initials="N." fullname="Niels Provos"/> <author surname="de Raadt" initials="T." fullname="Theo de Raadt"/> <author surname="Steves" initials="K." fullname="Kevin Steves"/> <author surname="Miller" initials="D." fullname="Damien Miller"/> <author surname="Tucker" initials="D." fullname="Darren Tucker"/> <author surname="McIntyre" initials="J." fullname="Jason McIntyre"/> <author surname="Rice" initials="T." fullname="Tim Rice"/> <author surname="Lindstrom" initials="B." fullname="Ben Lindstrom"/> <date month="January" year="2014"/> </front> </reference> <referenceanchor="ED448" target="https://eprint.iacr.org/2015/625.pdf">anchor="RFC7479" target="https://www.rfc-editor.org/info/rfc7479" quoteTitle="true" derivedAnchor="RFC7479"> <front><title> Ed448-Goldilocks, a new elliptic curve</title><title>Using Ed25519 in SSHFP Resource Records</title> <authorsurname="Hamburg" initials="M." fullname="Mike Hamburg"/>initials="S." surname="Moonesamy" fullname="S. Moonesamy"> <organization showOnFrontPage="true"/> </author> <datemonth="January" year="2015"/>year="2015" month="March"/> <abstract> <t>The Ed25519 signature algorithm has been implemented in OpenSSH. This document updates the IANA "SSHFP RR Types for public key algorithms" registry by adding an algorithm number for Ed25519.</t> </abstract> </front> <seriesInfo name="RFC" value="7479"/> <seriesInfo name="DOI" value="10.17487/RFC7479"/> </reference> </references> </references> <section numbered="false" toc="include" removeInRFC="false" pn="section-appendix.a"> <name slugifiedName="name-acknowledgements">Acknowledgements</name> <t pn="section-appendix.a-1"> The OpenSSH implementation of Ed25519 in SSH was written by <contact fullname="Markus Friedl"/>. We are also grateful to <contact fullname="Mark Baushke"/>, <contact fullname="Benjamin Kaduk"/>, and <contact fullname="Daniel Migault"/> for their comments. </t> </section> <section anchor="authors-addresses" numbered="false" removeInRFC="false" toc="include" pn="section-appendix.b"> <name slugifiedName="name-authors-addresses">Authors' Addresses</name> <author initials="B." surname="Harris" fullname="Ben Harris"> <address> <postal> <street>2A Eachard Road</street> <city>Cambridge</city> <code>CB3 0HY</code> <country>United Kingdom</country> </postal> <email>bjh21@bjh21.me.uk</email> </address> </author> <author initials="L." surname="Velvindron" fullname="Loganaden Velvindron"> <organization showOnFrontPage="true">cyberstorm.mu</organization> <address> <postal> <street>88, Avenue De Plevitz</street> <city>Roches Brunes</city> <country>Mauritius</country> </postal> <email>logan@cyberstorm.mu</email> </address> </author> </section> </back> </rfc>