One document matched: draft-ietf-curdle-ssh-ed25519-00.xml


<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM 'rfc2629.dtd' [
<!ENTITY rfc2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc4250 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4250.xml'>
<!ENTITY rfc4251 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4251.xml'>
<!ENTITY rfc4253 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4253.xml'>
<!ENTITY rfc7479 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7479.xml'>
<!ENTITY I-D.irtf-cfrg-eddsa SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.irtf-cfrg-eddsa.xml">
]>
<rfc ipr='trust200902' docName="draft-ietf-curdle-ssh-ed25519-00"
     category='info'>
  <front>
    <title abbrev="Ed25519 for SSH">Ed25519 public key algorithm for
      the Secure Shell (SSH) protocol</title>
    <author fullname="Ben Harris" initials="B. J." surname="Harris">
      <address>
	<postal>
	  <street>2A Eachard Road</street>
	  <city>CAMBRIDGE</city>
	  <code>CB3 0HY</code>
	  <country>UNITED KINGDOM</country>
	</postal>
	<email>bjh21@bjh21.me.uk</email>
      </address>
    </author>
    <date/>
    <area>sec</area>
    <keyword>Ed25519</keyword>
    <keyword>SSH</keyword>
    <keyword>ssh-ed25519</keyword>
    <abstract>
      <t>This document describes the use of the Ed25519 digital
      signature algorithm in the Secure Shell (SSH) protocol.</t>
    </abstract>
  </front>
  <middle>
    <section title="Introduction">
      <t>Secure Shell (SSH) <xref target="RFC4251"/> is a secure
      remote-login protocol.  It provides for an extensible variety of
      public key algorithms for identifying servers and users to one
      another.  Ed25519 <xref target="I-D.irtf-cfrg-eddsa"/>
      is a digital signature system.  OpenSSH 6.5
      <xref target="OpenSSH-6.5"/> introduced support
      for using Ed25519 for server and user authentication.  Compatible
      support for Ed25519 has since been added to other SSH
      implementations.</t>
      <t>This document describes the method implemented by OpenSSH and
      others, and formalizes its use of the name "ssh-ed25519".</t>
      <t>Comments on this draft are welcomed and should be sent
      to the Curdle Working Group mailing list.</t>
    </section>
    <section title="Conventions Used in This Document">
      <t>The descriptions of key and signature formats use the
      notation introduced in <xref target="RFC4251"/>, Section 3 and
      the string data type from <xref target="RFC4251"/>,
      Section 5.</t>
    </section>
    <section title="Public Key Algorithm">
      <t>This document describes a public key algorithm for use with
      SSH in accordance with <xref target="RFC4253"/>, Section 6.6.
      The name of the algorithm is "ssh-ed25519".  This algorithm only
      supports signing and not encryption.</t>
    </section>
    <section title="Public Key Format">
      <t>The "ssh-ed25519" key format has the following encoding:</t>
      <figure><artwork>
   string    "ssh-ed25519"
   string    key
      </artwork></figure>
      <t>Here 'key' is the 32-octet public key described by
      <xref target="I-D.irtf-cfrg-eddsa"/>, Section 5.1.5.</t>
    </section>
    <section title="Signature Algorithm">
      <t>Signatures are generated according to the procedure in
      <xref target="I-D.irtf-cfrg-eddsa"/>, Section 5.1.6.</t>
    </section>
    <section title="Signature format">
      <t>The corresponding signature format is:</t>
      <figure><artwork>
   string    "ssh-ed25519"
   string    signature
      </artwork></figure>
      <t>Here 'signature' is the 64-octet signature produced in accordance
      with <xref target="I-D.irtf-cfrg-eddsa"/>, Section 5.1.6.</t>
    </section>
    <section title="Verification Algorithm">
      <t>Signatures are verified according to the procedure in
      <xref target="I-D.irtf-cfrg-eddsa"/>, Section 5.1.7.</t>
    </section>
    <section title="SSHFP DNS resource records">
      <t>The generation of SSHFP resource records for "ssh-ed25519" keys
      is described in <xref target="RFC7479"/>.</t>
    </section>
    <section title="IANA Considerations">
      <t>IANA is requested to assign the Public Key Algorithm name
      "ssh‑ed25519" in accordance with <xref target="RFC4250"/>,
      Section 4.6.2:</t>
      <texttable style="headers">
	<ttcol>Public Key Algorithm Name</ttcol><ttcol>Reference</ttcol>
	<c>ssh-ed25519</c><c>[RFCXXXX]</c>
      </texttable>
      <t>[TO BE REMOVED: This registration should take place at the
      following location:
      <http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19>]</t>
    </section>
    <section title="Security Considerations">
      <t>The security considerations in
      <xref target="RFC4251"/>,
      Section 9 apply to all SSH implementations, including
      those using Ed25519.</t>
      <t>The security considerations in
      <xref target="I-D.irtf-cfrg-eddsa"/>,
      Section 10 apply to all uses of
      Ed25519, including those in SSH.</t>
    </section>
    <section title="Acknowledgements">
      <t>The OpenSSH implementation of Ed25519 in SSH was written by
      Markus Friedl.</t>
    </section>
  </middle>
  <back>
    <references title="Normative References">
      <!-- &rfc2119; -->
      &rfc4250;
      &rfc4251;
      &rfc4253;
      &I-D.irtf-cfrg-eddsa;
    </references>
    <references title="Informative References">
      &rfc7479;
      <reference anchor="OpenSSH-6.5"
		 target="http://www.openssh.com/txt/release-6.5">
	<front>
	  <title>[OpenSSH 6.5 release notes]</title>
	  <author fullname="Markus Friedl" initials="M." surname="Friedl"/>
	  <author fullname="Niels Provos" initials="N." surname="Provos"/>
	  <author fullname="Theo de Raadt" initials="T." surname="de Raadt"/>
	  <author fullname="Kevin Steves" initials="K." surname="Steves"/>
	  <author fullname="Damien Miller" initials="D." surname="Miller"/>
	  <author fullname="Darren Tucker" initials="D." surname="Tucker"/>
	  <author fullname="Jason McIntyre" initials="J." surname="McIntyre"/>
	  <author fullname="Tim Rice" initials="T." surname="Rice"/>
	  <author fullname="Ben Lindstrom" initials="B." surname="Lindstrom"/>
	  <date day="30" month="January" year="2014"/>
	</front>
	<format type="TXT" target="http://www.openssh.com/txt/release-6.5"/>
      </reference>
    </references>
  </back>
</rfc>

PAFTECH AB 2003-20262026-04-24 02:55:56