rfc8709xml2.original.xml   rfc8709.xml 
<?xml version="1.0" encoding="ISO-8859-1"?> <?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ <rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="std" conse
<!ENTITY rfc2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC nsus="true" docName="draft-ietf-curdle-ssh-ed25519-ed448-11" indexInclude="true"
.2119.xml"> ipr="trust200902" number="8709" prepTime="2020-02-25T16:08:14" scripts="Common,
<!ENTITY rfc2629 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC Latin" sortRefs="true" submissionType="IETF" symRefs="true" tocDepth="4" tocIncl
.2629.xml"> ude="true" updates="4253" xml:lang="en">
<!ENTITY rfc4250 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <link href="https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ed25519-ed4
.4250.xml"> 48-11" rel="prev"/>
<!ENTITY rfc4251 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <link href="https://dx.doi.org/10.17487/rfc8709" rel="alternate"/>
.4251.xml"> <link href="urn:issn:2070-1721" rel="alternate"/>
<!ENTITY rfc4253 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <front>
.4253.xml"> <title abbrev="Ed25519 and Ed448 for SSH">Ed25519 and Ed448 Public Key Algor
<!ENTITY rfc4255 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC ithms for the Secure Shell (SSH) Protocol</title>
.4255.xml"> <seriesInfo name="RFC" value="8709" stream="IETF"/>
<!ENTITY rfc6594 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <author initials="B." surname="Harris" fullname="Ben Harris">
.6594.xml"> <address>
<!ENTITY rfc7479 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <postal>
.7479.xml"> <street>2A Eachard Road</street>
<!ENTITY rfc8032 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <city>Cambridge</city>
.8032.xml"> <code>CB3 0HY</code>
<!ENTITY rfc8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC <country>United Kingdom</country>
.8174.xml"> </postal>
<email>bjh21@bjh21.me.uk</email>
]> </address>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> </author>
<?rfc strict="yes" ?> <author initials="L." surname="Velvindron" fullname="Loganaden Velvindron">
<?rfc toc="no"?> <organization showOnFrontPage="true">cyberstorm.mu</organization>
<?rfc tocdepth="4"?> <address>
<?rfc symrefs="yes"?> <postal>
<?rfc sortrefs="yes" ?> <street>88, Avenue De Plevitz</street>
<?rfc compact="yes" ?> <city>Roches Brunes</city>
<?rfc subcompact="no" ?> <country>Mauritius</country>
<rfc category="std" </postal>
docName="draft-ietf-curdle-ssh-ed25519-ed448-11" <email>logan@cyberstorm.mu</email>
updates="RFC4253" </address>
ipr="trust200902"> </author>
<front> <date month="02" year="2020"/>
<workgroup>curdle</workgroup>
<title abbrev="Ed25519 for SSH"> <abstract pn="section-abstract">
Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH) protocol <t pn="section-abstract-1">
</title>
<author initials="B." surname="Harris" fullname="Ben Harris">
<address>
<postal>
<street>2A Eachard Road</street>
<city>CAMBRIDGE</city>
<code>CB3 0HY</code>
<country>UNITED KINGDOM</country>
</postal>
<email>bjh21@bjh21.me.uk</email>
</address>
</author>
<author initials="L." surname="Velvindron" fullname="Loganaden Velvindron">
<organization> cyberstorm.mu</organization>
<address>
<postal>
<street>88, Avenue De Plevitz</street>
<city>Roches Brunes</city>
<country>Mauritius</country>
</postal>
<email>logan@cyberstorm.mu</email>
</address>
</author>
<date year="2019" />
<workgroup>Internet Engineering Task Force</workgroup>
<abstract>
<t>
This document describes the use of the Ed25519 and Ed448 digital This document describes the use of the Ed25519 and Ed448 digital
signature algorithm in the Secure Shell (SSH) protocol. signature algorithms in the Secure Shell (SSH) protocol. Accordingly,
</t> this RFC updates RFC 4253.
</abstract> </t>
</front> </abstract>
<boilerplate>
<middle> <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc=
<section title="Introduction"> "exclude" pn="section-boilerplate.1">
<t> <name slugifiedName="name-status-of-this-memo">Status of This Memo</name
Secure Shell (SSH) <xref target="RFC4251"/> is a secure >
<t pn="section-boilerplate.1-1">
This is an Internet Standards Track document.
</t>
<t pn="section-boilerplate.1-2">
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
</t>
<t pn="section-boilerplate.1-3">
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
<eref target="https://www.rfc-editor.org/info/rfc8709" brackets="non
e"/>.
</t>
</section>
<section anchor="copyright" numbered="false" removeInRFC="false" toc="excl
ude" pn="section-boilerplate.2">
<name slugifiedName="name-copyright-notice">Copyright Notice</name>
<t pn="section-boilerplate.2-1">
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
</t>
<t pn="section-boilerplate.2-2">
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<eref target="https://trustee.ietf.org/license-info" brackets="none
"/>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
</t>
</section>
</boilerplate>
<toc>
<section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" p
n="section-toc.1">
<name slugifiedName="name-table-of-contents">Table of Contents</name>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="section-to
c.1-1">
<li pn="section-toc.1-1.1">
<t keepWithNext="true" pn="section-toc.1-1.1.1"><xref derivedContent
="1" format="counter" sectionFormat="of" target="section-1"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-introduction">Introductio
n</xref></t>
</li>
<li pn="section-toc.1-1.2">
<t keepWithNext="true" pn="section-toc.1-1.2.1"><xref derivedContent
="2" format="counter" sectionFormat="of" target="section-2"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-conventions-used-in-this-
do">Conventions Used in This Document</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.2.2">
<li pn="section-toc.1-1.2.2.1">
<t keepWithNext="true" pn="section-toc.1-1.2.2.1.1"><xref derive
dContent="2.1" format="counter" sectionFormat="of" target="section-2.1"/>.  <xre
f derivedContent="" format="title" sectionFormat="of" target="name-requirements-
language">Requirements Language</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.3">
<t keepWithNext="true" pn="section-toc.1-1.3.1"><xref derivedContent
="3" format="counter" sectionFormat="of" target="section-3"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-public-key-algorithm">Pub
lic Key Algorithm</xref></t>
</li>
<li pn="section-toc.1-1.4">
<t keepWithNext="true" pn="section-toc.1-1.4.1"><xref derivedContent
="4" format="counter" sectionFormat="of" target="section-4"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-public-key-format">Public
Key Format</xref></t>
</li>
<li pn="section-toc.1-1.5">
<t keepWithNext="true" pn="section-toc.1-1.5.1"><xref derivedContent
="5" format="counter" sectionFormat="of" target="section-5"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-signature-algorithm">Sign
ature Algorithm</xref></t>
</li>
<li pn="section-toc.1-1.6">
<t keepWithNext="true" pn="section-toc.1-1.6.1"><xref derivedContent
="6" format="counter" sectionFormat="of" target="section-6"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-signature-format">Signatu
re Format</xref></t>
</li>
<li pn="section-toc.1-1.7">
<t keepWithNext="true" pn="section-toc.1-1.7.1"><xref derivedContent
="7" format="counter" sectionFormat="of" target="section-7"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-verification-algorithm">V
erification Algorithm</xref></t>
</li>
<li pn="section-toc.1-1.8">
<t keepWithNext="true" pn="section-toc.1-1.8.1"><xref derivedContent
="8" format="counter" sectionFormat="of" target="section-8"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-sshfp-dns-resource-record
s">SSHFP DNS Resource Records</xref></t>
</li>
<li pn="section-toc.1-1.9">
<t keepWithNext="true" pn="section-toc.1-1.9.1"><xref derivedContent
="9" format="counter" sectionFormat="of" target="section-9"/>.  <xref derivedCon
tent="" format="title" sectionFormat="of" target="name-iana-considerations">IANA
Considerations</xref></t>
</li>
<li pn="section-toc.1-1.10">
<t keepWithNext="true" pn="section-toc.1-1.10.1"><xref derivedConten
t="10" format="counter" sectionFormat="of" target="section-10"/>. <xref derivedC
ontent="" format="title" sectionFormat="of" target="name-security-considerations
">Security Considerations</xref></t>
</li>
<li pn="section-toc.1-1.11">
<t keepWithNext="true" pn="section-toc.1-1.11.1"><xref derivedConten
t="11" format="counter" sectionFormat="of" target="section-11"/>. <xref derivedC
ontent="" format="title" sectionFormat="of" target="name-references">References<
/xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.11.2">
<li pn="section-toc.1-1.11.2.1">
<t keepWithNext="true" pn="section-toc.1-1.11.2.1.1"><xref deriv
edContent="11.1" format="counter" sectionFormat="of" target="section-11.1"/>.  <
xref derivedContent="" format="title" sectionFormat="of" target="name-normative-
references">Normative References</xref></t>
</li>
<li pn="section-toc.1-1.11.2.2">
<t keepWithNext="true" pn="section-toc.1-1.11.2.2.1"><xref deriv
edContent="11.2" format="counter" sectionFormat="of" target="section-11.2"/>.  <
xref derivedContent="" format="title" sectionFormat="of" target="name-informativ
e-references">Informative References</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.12">
<t keepWithNext="true" pn="section-toc.1-1.12.1"><xref derivedConten
t="" format="none" sectionFormat="of" target="section-appendix.a"/><xref derived
Content="" format="title" sectionFormat="of" target="name-acknowledgements">Ackn
owledgements</xref></t>
</li>
<li pn="section-toc.1-1.13">
<t keepWithNext="true" pn="section-toc.1-1.13.1"><xref derivedConten
t="" format="none" sectionFormat="of" target="section-appendix.b"/><xref derived
Content="" format="title" sectionFormat="of" target="name-authors-addresses">Aut
hors' Addresses</xref></t>
</li>
</ul>
</section>
</toc>
</front>
<middle>
<section numbered="true" toc="include" removeInRFC="false" pn="section-1">
<name slugifiedName="name-introduction">Introduction</name>
<t pn="section-1-1">
Secure Shell (SSH) <xref target="RFC4251" format="default" sectionFormat=
"of" derivedContent="RFC4251"/> is a secure
remote-login protocol. It provides for an extensible variety of remote-login protocol. It provides for an extensible variety of
public key algorithms for identifying servers and users to one public key algorithms for identifying servers and users to one
another. Ed25519 <xref target="RFC8032"/> is a digital another. Ed25519 <xref target="RFC8032" format="default" sectionFormat="o
signature system. OpenSSH 6.5 <xref target="OpenSSH-6.5"/> f" derivedContent="RFC8032"/> is a digital
signature system. OpenSSH 6.5 <xref target="OpenSSH-6.5" format="default"
sectionFormat="of" derivedContent="OpenSSH-6.5"/>
introduced support for using Ed25519 for server and user introduced support for using Ed25519 for server and user
authentication and was then followed by other SSH implementations. authentication and was then followed by other SSH implementations.
</t> </t>
<t> <t pn="section-1-2">
This document describes the method implemented by OpenSSH and This document describes the method implemented by OpenSSH and others
others, and formalizes its use of the name "ssh-ed25519". Additionally, i and formalizes the use of the name "ssh-ed25519". Additionally,
t also describes this document describes the use of Ed448 and formalizes the use of the
the use of Ed448 and formalizes its use of the name "ssh-ed448". name "ssh-ed448".
</t> </t>
<t> </section>
[TO BE REMOVED: Please send comments on this draft to curdle@ietf.org.] <section numbered="true" toc="include" removeInRFC="false" pn="section-2">
</t> <name slugifiedName="name-conventions-used-in-this-do">Conventions Used in
</section> This Document</name>
<t pn="section-2-1">
<section title="Conventions Used in This Document">
<t>
The descriptions of key and signature formats use the notation The descriptions of key and signature formats use the notation
introduced in <xref target="RFC4251">[RFC4251], Section introduced in <xref target="RFC4251" sectionFormat="comma" section="3" fo
3</xref> and the string data type from <xref rmat="default" derivedLink="https://rfc-editor.org/rfc/rfc4251#section-3" derive
target="RFC4251">[RFC4251], Section 5</xref>. dContent="RFC4251"/> and the string data type from <xref target="RFC4251" sectio
</t> nFormat="comma" section="5" format="default" derivedLink="https://rfc-editor.org
<section title="Requirements Language"> /rfc/rfc4251#section-5" derivedContent="RFC4251"/>.
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", </t>
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this <section numbered="true" toc="include" removeInRFC="false" pn="section-2.1
document are to be interpreted as described in <xref ">
target="RFC2119">RFC 2119</xref> <xref target="RFC8174">RFC 8174</xref> <name slugifiedName="name-requirements-language">Requirements Language</
when, and only when, they appear in all capitals, as shown here.</t> name>
</section> <t pn="section-2.1-1">
</section> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOUL
<section title="Public Key Algorithm"> D</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>N
<t> OT RECOMMENDED</bcp14>",
This document describes a public key algorithm for use with SSH "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
in accordance with <xref target="RFC4253">[RFC4253], Section be interpreted as
6.6</xref>. The name of the algorithm is "ssh-ed25519". This described in BCP 14 <xref target="RFC2119" format="default" sectionFormat="o
f" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFor
mat="of" derivedContent="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t>
</section>
</section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-3">
<name slugifiedName="name-public-key-algorithm">Public Key Algorithm</name
>
<t pn="section-3-1">
This document describes a public key algorithm for use with SSH,
as per <xref target="RFC4253" sectionFormat="comma" section="6.6" format=
"default" derivedLink="https://rfc-editor.org/rfc/rfc4253#section-6.6" derivedCo
ntent="RFC4253"/>. The name of the algorithm is "ssh-ed25519". This
algorithm only supports signing and not encryption. algorithm only supports signing and not encryption.
</t> </t>
<t> <t pn="section-3-2">
Additionally, this document describes another public key algorithm. Additionally, this document describes another public key algorithm.
The name of the algorithm is "ssh-ed448". This algorithm only supports The name of the algorithm is "ssh-ed448". This algorithm only supports
signing and not encryption. signing and not encryption.
</t> </t>
<t> <t pn="section-3-3">
Standard implementations of SSH SHOULD implement these signature algorithms. Standard implementations of SSH <bcp14>SHOULD</bcp14> implement these signature
</t> algorithms.
</section> </t>
</section>
<section title="Public Key Format"> <section numbered="true" toc="include" removeInRFC="false" pn="section-4">
<figure> <name slugifiedName="name-public-key-format">Public Key Format</name>
<preamble> <t pn="section-4-1">
The "ssh-ed25519" key format has the following encoding: The "ssh-ed25519" key format has the following encoding:
</preamble> </t>
<artwork> <dl newline="false" spacing="normal" indent="6" pn="section-4-2">
string "ssh-ed25519" <dt pn="section-4-2.1">string</dt>
string key <dd pn="section-4-2.2">"ssh-ed25519"</dd>
</artwork> <dt pn="section-4-2.3">string</dt>
</figure> <dd pn="section-4-2.4">key</dd>
</dl>
<t> <t pn="section-4-3">
Here 'key' is the 32-octet public key described by Here, 'key' is the 32-octet public key described in
<xref target="RFC8032">[RFC8032], Section 5.1.5</xref>. <xref target="RFC8032" sectionFormat="comma" section="5.1.5" format="defa
</t> ult" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.5" derivedConte
nt="RFC8032"/>.
<figure> </t>
<preamble> <t pn="section-4-4">
The "ssh-ed448" key format has the following encoding: The "ssh-ed448" key format has the following encoding:
</preamble> </t>
<artwork> <dl newline="false" spacing="normal" indent="6" pn="section-4-5">
string "ssh-ed448" <dt pn="section-4-5.1">string</dt>
string key <dd pn="section-4-5.2">"ssh-ed448"</dd>
</artwork> <dt pn="section-4-5.3">string</dt>
</figure> <dd pn="section-4-5.4">key</dd>
</dl>
<t> <t pn="section-4-6">
Here 'key' is the 57-octet public key described by Here, 'key' is the 57-octet public key described in
<xref target="RFC8032">[RFC8032], Section 5.2.5</xref>. <xref target="RFC8032" sectionFormat="comma" section="5.2.5" format="defa
</t> ult" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.5" derivedConte
nt="RFC8032"/>.
</section> </t>
</section>
<section title="Signature Algorithm"> <section numbered="true" toc="include" removeInRFC="false" pn="section-5">
<t> <name slugifiedName="name-signature-algorithm">Signature Algorithm</name>
Signatures are generated according to the procedure in <t pn="section-5-1">
<xref target="RFC8032">[RFC8032], Section 5.1.6 and Section 5.2.6 </xref> Signatures are generated according to the procedure in Sections
. <xref target="RFC8032" sectionFormat="bare" section="5.1.6" format="defau
</t> lt" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.6" derivedConten
</section> t="RFC8032"/> and <xref target="RFC8032" sectionFormat="bare" section="5.2.6" fo
rmat="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.6" de
<section title="Signature Format"> rivedContent="RFC8032"/> of <xref target="RFC8032" format="default" sectionForma
<figure> t="of" derivedContent="RFC8032"/>.
<preamble> </t>
</section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-6">
<name slugifiedName="name-signature-format">Signature Format</name>
<t pn="section-6-1">
The "ssh-ed25519" key format has the following encoding: The "ssh-ed25519" key format has the following encoding:
</preamble> </t>
<artwork> <dl newline="false" spacing="normal" indent="6" pn="section-6-2">
string "ssh-ed25519" <dt pn="section-6-2.1">string</dt>
string signature <dd pn="section-6-2.2">"ssh-ed25519"</dd>
</artwork> <dt pn="section-6-2.3">string</dt>
</figure> <dd pn="section-6-2.4">signature</dd>
<t> </dl>
Here 'signature' is the 64-octet signature produced in <t pn="section-6-3">
accordance with <xref target="RFC8032">[RFC8032], Section Here, 'signature' is the 64-octet signature produced in
5.1.6</xref>. accordance with <xref target="RFC8032" sectionFormat="comma" section="5.1
</t> .6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1
.6" derivedContent="RFC8032"/>.
<figure> </t>
<preamble> <t pn="section-6-4">
The "ssh-ed448" key format has the following encoding: The "ssh-ed448" key format has the following encoding:
</preamble> </t>
<artwork> <dl newline="false" spacing="normal" indent="6" pn="section-6-5">
string "ssh-ed448" <dt pn="section-6-5.1">string</dt>
string signature <dd pn="section-6-5.2">"ssh-ed448"</dd>
</artwork> <dt pn="section-6-5.3">string</dt>
</figure> <dd pn="section-6-5.4">signature</dd>
<t> </dl>
Here 'signature' is the 114-octet signature produced in <t pn="section-6-6">
accordance with <xref target="RFC8032">[RFC8032], Section Here, 'signature' is the 114-octet signature produced in
5.2.6</xref>. accordance with <xref target="RFC8032" sectionFormat="comma" section="5.2
</t> .6" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2
</section> .6" derivedContent="RFC8032"/>.
</t>
<section title="Verification Algorithm"> </section>
<t> <section numbered="true" toc="include" removeInRFC="false" pn="section-7">
<name slugifiedName="name-verification-algorithm">Verification Algorithm</
name>
<t pn="section-7-1">
Ed25519 signatures are verified according to the procedure in Ed25519 signatures are verified according to the procedure in
<xref target="RFC8032">[RFC8032], Section 5.1.7</xref>. <xref target="RFC8032" sectionFormat="comma" section="5.1.7" format="defa
</t> ult" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.1.7" derivedConte
nt="RFC8032"/>.
<t> </t>
<t pn="section-7-2">
Ed448 signatures are verified according to the procedure in Ed448 signatures are verified according to the procedure in
<xref target="RFC8032">[RFC8032], Section 5.2.7</xref>. <xref target="RFC8032" sectionFormat="comma" section="5.2.7" format="defa
</t> ult" derivedLink="https://rfc-editor.org/rfc/rfc8032#section-5.2.7" derivedConte
</section> nt="RFC8032"/>.
</t>
<section title="SSHFP DNS resource records"> </section>
<t> <section numbered="true" toc="include" removeInRFC="false" pn="section-8">
Usage and generation of SSHFP DNS resource record is described in <xref target=" <name slugifiedName="name-sshfp-dns-resource-records">SSHFP DNS Resource R
RFC4255"></xref>. ecords</name>
The generation of SSHFP resource records for "ssh-ed25519" keys is described in <t pn="section-8-1">
<xref target="RFC7479"> </xref>. Usage and generation of the SSHFP DNS resource record
This section illustrates the generation of SSHFP resource records for "ssh-ed448 is described in <xref target="RFC4255" format="default" sectionFormat="of" deriv
" keys and edContent="RFC4255"/>.
the document specifies the corresponding Ed448 code point to the The generation of SSHFP resource records for "ssh-ed25519" keys is described
"SSHFP RR Types for public key algorithms" IANA registry. in <xref target="RFC7479" format="default" sectionFormat="of" derivedContent="RF
</t> C7479"> </xref>.
<t> This section illustrates the generation of SSHFP resource records for "ssh-ed448
The generation of SSHFP resource records for "ssh-ed25519" keys " keys, and
is described in <xref target="RFC7479"/>. this document also specifies the corresponding Ed448 code point to "SSHFP RR
</t> Types for public key algorithms" in the "DNS SSHFP Resource Record Parameters"
<t> IANA registry <xref target="IANA-SSHFP" format="default" sectionFormat="of" deri
vedContent="IANA-SSHFP"/>.
</t>
<t pn="section-8-2">
The generation of SSHFP resource records for "ssh-ed448" keys The generation of SSHFP resource records for "ssh-ed448" keys
is described as follows. is described as follows.
</t> </t>
<t> <t pn="section-8-3">
The encoding of Ed448 public keys is described in <xref target="ED448"></xref>. The encoding of Ed448 public keys is described in <xref target="ED448" format="d
In brief, efault" sectionFormat="of" derivedContent="ED448"/>. In brief,
an Ed448 public key is a 57-octet value representing a 455-bit y-coordinate an Ed448 public key is a 57-octet value representing a 455-bit y-coordinate
of an elliptic curve point, and a sign bit indicating the the corresponding of an elliptic curve point, and a sign bit indicating the corresponding
x-coordinate. x-coordinate.
</t> </t>
<t> <t pn="section-8-4">
The SSHFP Resource Record for the Ed448 public key with SHA-256 fingerprint The SSHFP Resource Record for the Ed448 public key with SHA-256 fingerprint
would for example be: would, for example, be:
</t>
<t>
example.com. IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
34d90ed316d2b818ca9580ea384d924
01 )
</t>
<t>
The 2 here indicates SHA-256 <xref target="RFC6594"></xref>.
</t> </t>
</section> <artwork align="left" pn="section-8-5">
example.com. IN SSHFP 6 2 ( a87f1b687ac0e57d2a081a2f2826723
<section title="IANA Considerations"> 34d90ed316d2b818ca9580ea384d924
<t>This document augments the Public Key Algorithm Names in <xref 01 )
target="RFC4250">[RFC4250], Section 4.6.2</xref>. </artwork>
</t> <t pn="section-8-6">
<t> The '2' here indicates SHA-256 <xref target="RFC6594" format="default" sectionFo
IANA is requested to add to the Public Key Algorithm Names rmat="of" derivedContent="RFC6594"/>.
registry <xref target="IANA-PKA"/> with the following
entry:
</t>
<texttable style="headers">
<ttcol>Public Key Algorithm Name</ttcol><ttcol>Reference</ttcol>
<c>ssh-ed25519</c><c>This Draft</c>
<c>ssh-ed448</c><c>This Draft</c>
</texttable>
<t>
IANA is requested to add the following entry to the "SSHFP RR Types for public
key algorithms" registry <xref target="IANA-SSHFP"></xref>:
</t>
<t>+--------+-------------+------------+</t>
<t>| Value | Description | Reference |</t>
<t>+--------+-------------+------------+</t>
<t>| TBD | Ed448 | [this-draft] |</t>
<t>+--------+-------------+------------+</t>
<t>
We strongly suggest 6 as value.
</t> </t>
<t> </section>
[TO BE REMOVED: This registration should take place at the <section numbered="true" toc="include" removeInRFC="false" pn="section-9">
following location: <name slugifiedName="name-iana-considerations">IANA Considerations</name>
&lt;http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml# <t pn="section-9-1"> This document augments the Public Key Algorithm Names
ssh-parameters-19>] in <xref target="RFC4250" sectionFormat="comma" section="4.11.3" format="defaul
t" derivedLink="https://rfc-editor.org/rfc/rfc4250#section-4.11.3" derivedConten
t="RFC4250"/>.
</t> </t>
</section> <t pn="section-9-2">
IANA has added the following entry to "Public Key Algorithm Names" in the
<section title="Security Considerations"> "Secure Shell (SSH) Protocol Parameters"
<t> registry <xref target="IANA-SSH" format="default" sectionFormat="of" deri
The security considerations in <xref target="RFC4251"> vedContent="IANA-SSH"/>:
[RFC4251], Section 9</xref> apply to all SSH </t>
<table align="center" pn="table-1">
<thead>
<tr>
<th align="left" colspan="1" rowspan="1">Public Key Algorithm Name</
th>
<th align="left" colspan="1" rowspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left" colspan="1" rowspan="1">ssh-ed25519</td>
<td align="left" colspan="1" rowspan="1">RFC 8709</td>
</tr>
<tr>
<td align="left" colspan="1" rowspan="1">ssh-ed448</td>
<td align="left" colspan="1" rowspan="1">RFC 8709</td>
</tr>
</tbody>
</table>
<t pn="section-9-4">
IANA has added the following entry to "SSHFP RR Types for public
key algorithms" in the "DNS SSHFP Resource Record Parameters" registry
<xref target="IANA-SSHFP" format="default" sectionFormat="of" derivedContent=
"IANA-SSHFP"/>:
</t>
<table align="center" pn="table-2">
<thead>
<tr>
<th align="left" colspan="1" rowspan="1">Value</th>
<th align="left" colspan="1" rowspan="1">Description</th>
<th align="left" colspan="1" rowspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left" colspan="1" rowspan="1">6</td>
<td align="left" colspan="1" rowspan="1">Ed448</td>
<td align="left" colspan="1" rowspan="1">RFC 8709</td>
</tr>
</tbody>
</table>
</section>
<section numbered="true" toc="include" removeInRFC="false" pn="section-10">
<name slugifiedName="name-security-considerations">Security Considerations
</name>
<t pn="section-10-1">
The security considerations in <xref target="RFC4251" sectionFormat="comm
a" section="9" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4251#
section-9" derivedContent="RFC4251"/> apply to all SSH
implementations, including those using Ed25519 and Ed448. implementations, including those using Ed25519 and Ed448.
</t> </t>
<t pn="section-10-2">
<t> The security considerations in <xref target="RFC8032" sectionFormat="comm
The security considerations in <xref target="RFC8032"> a" section="8" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8032#
[RFC8032], Section 8</xref> and <xref target="RFC7479"> </xref> apply to section-8" derivedContent="RFC8032"/> and <xref target="RFC7479" sectionFormat="
all uses of Ed25519 and Ed448 comma" section="3" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7
including those in SSH. 479#section-3" derivedContent="RFC7479"> </xref> apply to all uses of
</t> Ed25519 and Ed448, including those in SSH.
</section> </t>
</section>
<section title="Acknowledgements"> </middle>
<t> <back>
The OpenSSH implementation of Ed25519 in SSH was written by Markus <references pn="section-11">
Friedl. We are also grateful to Mark Baushke, Benjamin Kaduk and Daniel M <name slugifiedName="name-references">References</name>
igault for their comments. <references pn="section-11.1">
</t> <name slugifiedName="name-normative-references">Normative References</na
</section> me>
<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2
</middle> 119" quoteTitle="true" derivedAnchor="RFC2119">
<front>
<back> <title>Key words for use in RFCs to Indicate Requirement Levels</tit
le>
<references title="Normative References"> <author initials="S." surname="Bradner" fullname="S. Bradner">
&rfc2119; <organization showOnFrontPage="true"/>
&rfc4250; </author>
&rfc4251; <date year="1997" month="March"/>
&rfc4253; <abstract>
&rfc4255; <t>In many standards track documents several words are used to sig
&rfc6594; nify the requirements in the specification. These words are often capitalized.
&rfc8032; This document defines these words as they should be interpreted in IETF document
&rfc8174; s. This document specifies an Internet Best Current Practices for the Internet
Community, and requests discussion and suggestions for improvements.</t>
</references> </abstract>
</front>
<references title="Informative References"> <seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<reference <seriesInfo name="DOI" value="10.17487/RFC2119"/>
anchor="IANA-PKA" </reference>
target="http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xh <reference anchor="RFC4250" target="https://www.rfc-editor.org/info/rfc4
tml#ssh-parameters-19"> 250" quoteTitle="true" derivedAnchor="RFC4250">
<front> <front>
<title>Secure Shell (SSH) Protocol Parameters: <title>The Secure Shell (SSH) Protocol Assigned Numbers</title>
Public Key Algorithm Names</title> <author initials="S." surname="Lehtinen" fullname="S. Lehtinen">
<author> <organization showOnFrontPage="true"/>
<organization>Internet Assigned Numbers Authority (IANA) </author>
</organization> <author initials="C." surname="Lonvick" fullname="C. Lonvick" role="
</author> editor">
<date month="May" year="2017"/> <organization showOnFrontPage="true"/>
</front> </author>
</reference> <date year="2006" month="January"/>
<abstract>
<reference <t>This document defines the instructions to the IANA and the init
anchor="IANA-SSHFP" ial state of the IANA assigned numbers for the Secure Shell (SSH) protocol. It
target="https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-ssh is intended only for the initialization of the IANA registries referenced in the
fp-rr-parameters.xhtml#dns-sshfp-rr-parameters-1"> set of SSH documents. [STANDARDS-TRACK]</t>
<front> </abstract>
<title>Secure Shell (SSH) Protocol Parameters: </front>
Public Key Algorithm Names</title> <seriesInfo name="RFC" value="4250"/>
<author> <seriesInfo name="DOI" value="10.17487/RFC4250"/>
<organization>Internet Assigned Numbers Authority (IANA) </reference>
</organization> <reference anchor="RFC4251" target="https://www.rfc-editor.org/info/rfc4
</author> 251" quoteTitle="true" derivedAnchor="RFC4251">
<date month="May" year="2017"/> <front>
</front> <title>The Secure Shell (SSH) Protocol Architecture</title>
</reference> <author initials="T." surname="Ylonen" fullname="T. Ylonen">
<organization showOnFrontPage="true"/>
&rfc7479; </author>
<author initials="C." surname="Lonvick" fullname="C. Lonvick" role="
<reference editor">
anchor="OpenSSH-6.5" <organization showOnFrontPage="true"/>
target="http://www.openssh.com/txt/release-6.5"> </author>
<front> <date year="2006" month="January"/>
<title>OpenSSH 6.5 release notes</title> <abstract>
<author surname="Friedl" initials="M." fullname="Marcus Friedl"/> <t>The Secure Shell (SSH) Protocol is a protocol for secure remote
<author surname="Provos" initials="N." fullname="Niels Provos"/> login and other secure network services over an insecure network. This documen
<author surname="de Raadt" initials="T." fullname="Theo de Raadt"/> t describes the architecture of the SSH protocol, as well as the notation and te
<author surname="Steves" initials="K." fullname="Kevin Steves"/> rminology used in SSH protocol documents. It also discusses the SSH algorithm n
<author surname="Miller" initials="D." fullname="Damien Miller"/> aming system that allows local extensions. The SSH protocol consists of three m
<author surname="Tucker" initials="D." fullname="Darren Tucker"/> ajor components: The Transport Layer Protocol provides server authentication, co
<author surname="Rice" initials="T." fullname="Tim Rice"/> nfidentiality, and integrity with perfect forward secrecy. The User Authenticat
<author surname="Lindstrom" initials="B." fullname="Ben Lindstrom"/> ion Protocol authenticates the client to the server. The Connection Protocol mu
<date month="January" year="2014"/> ltiplexes the encrypted tunnel into several logical channels. Details of these
</front> protocols are described in separate documents. [STANDARDS-TRACK]</t>
</reference> </abstract>
<reference </front>
anchor="ED448" <seriesInfo name="RFC" value="4251"/>
target="https://eprint.iacr.org/2015/625.pdf"> <seriesInfo name="DOI" value="10.17487/RFC4251"/>
<front> </reference>
<title> Ed448-Goldilocks, a new elliptic curve</title> <reference anchor="RFC4253" target="https://www.rfc-editor.org/info/rfc4
<author surname="Hamburg" initials="M." fullname="Mike Hamburg"/> 253" quoteTitle="true" derivedAnchor="RFC4253">
<date month="January" year="2015"/> <front>
</front> <title>The Secure Shell (SSH) Transport Layer Protocol</title>
</reference> <author initials="T." surname="Ylonen" fullname="T. Ylonen">
</references> <organization showOnFrontPage="true"/>
</author>
</back> <author initials="C." surname="Lonvick" fullname="C. Lonvick" role="
editor">
<organization showOnFrontPage="true"/>
</author>
<date year="2006" month="January"/>
<abstract>
<t>The Secure Shell (SSH) is a protocol for secure remote login an
d other secure network services over an insecure network.</t>
<t>This document describes the SSH transport layer protocol, which
typically runs on top of TCP/IP. The protocol can be used as a basis for a num
ber of secure network services. It provides strong encryption, server authentic
ation, and integrity protection. It may also provide compression.</t>
<t>Key exchange method, public key algorithm, symmetric encryption
algorithm, message authentication algorithm, and hash algorithm are all negotia
ted.</t>
<t>This document also describes the Diffie-Hellman key exchange me
thod and the minimal set of algorithms that are needed to implement the SSH tran
sport layer protocol. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4253"/>
<seriesInfo name="DOI" value="10.17487/RFC4253"/>
</reference>
<reference anchor="RFC4255" target="https://www.rfc-editor.org/info/rfc4
255" quoteTitle="true" derivedAnchor="RFC4255">
<front>
<title>Using DNS to Securely Publish Secure Shell (SSH) Key Fingerpr
ints</title>
<author initials="J." surname="Schlyter" fullname="J. Schlyter">
<organization showOnFrontPage="true"/>
</author>
<author initials="W." surname="Griffin" fullname="W. Griffin">
<organization showOnFrontPage="true"/>
</author>
<date year="2006" month="January"/>
<abstract>
<t>This document describes a method of verifying Secure Shell (SSH
) host keys using Domain Name System Security (DNSSEC). The document defines a
new DNS resource record that contains a standard SSH key fingerprint. [STANDARD
S-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4255"/>
<seriesInfo name="DOI" value="10.17487/RFC4255"/>
</reference>
<reference anchor="RFC6594" target="https://www.rfc-editor.org/info/rfc6
594" quoteTitle="true" derivedAnchor="RFC6594">
<front>
<title>Use of the SHA-256 Algorithm with RSA, Digital Signature Algo
rithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records</title>
<author initials="O." surname="Sury" fullname="O. Sury">
<organization showOnFrontPage="true"/>
</author>
<date year="2012" month="April"/>
<abstract>
<t>This document updates the IANA registries in RFC 4255, which de
fines SSHFP, a DNS Resource Record (RR) that contains a standard Secure Shell (S
SH) key fingerprint used to verify SSH host keys using DNS Security Extensions (
DNSSEC). This document defines additional options supporting SSH public keys ap
plying the Elliptic Curve Digital Signature Algorithm (ECDSA) and the implementa
tion of fingerprints computed using the SHA-256 message digest algorithm in SSHF
P Resource Records. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6594"/>
<seriesInfo name="DOI" value="10.17487/RFC6594"/>
</reference>
<reference anchor="RFC8032" target="https://www.rfc-editor.org/info/rfc8
032" quoteTitle="true" derivedAnchor="RFC8032">
<front>
<title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title>
<author initials="S." surname="Josefsson" fullname="S. Josefsson">
<organization showOnFrontPage="true"/>
</author>
<author initials="I." surname="Liusvaara" fullname="I. Liusvaara">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="January"/>
<abstract>
<t>This document describes elliptic curve signature scheme Edwards
-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with
recommended parameters for the edwards25519 and edwards448 curves. An example i
mplementation and test vectors are provided.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8032"/>
<seriesInfo name="DOI" value="10.17487/RFC8032"/>
</reference>
<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8
174" quoteTitle="true" derivedAnchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti
tle>
<author initials="B." surname="Leiba" fullname="B. Leiba">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="May"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protoco
l specifications. This document aims to reduce the ambiguity by clarifying tha
t only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
</references>
<references pn="section-11.2">
<name slugifiedName="name-informative-references">Informative References
</name>
<reference anchor="ED448" target="https://eprint.iacr.org/2015/625.pdf"
quoteTitle="true" derivedAnchor="ED448">
<front>
<title>Ed448-Goldilocks, a new elliptic curve</title>
<author surname="Hamburg" initials="M." fullname="Mike Hamburg"/>
<date month="January" year="2015"/>
</front>
</reference>
<reference anchor="IANA-SSH" target="https://www.iana.org/assignments/ss
h-parameters" quoteTitle="true" derivedAnchor="IANA-SSH">
<front>
<title>Secure Shell (SSH) Protocol Parameters</title>
<author>
<organization showOnFrontPage="true">IANA</organization>
</author>
</front>
</reference>
<reference anchor="IANA-SSHFP" target="https://www.iana.org/assignments/
dns-sshfp-rr-parameters" quoteTitle="true" derivedAnchor="IANA-SSHFP">
<front>
<title>DNS SSHFP Resource Record Parameters</title>
<author>
<organization showOnFrontPage="true">IANA</organization>
</author>
</front>
</reference>
<reference anchor="OpenSSH-6.5" target="http://www.openssh.com/txt/relea
se-6.5" quoteTitle="true" derivedAnchor="OpenSSH-6.5">
<front>
<title>OpenSSH 6.5 release notes</title>
<author surname="Friedl" initials="M." fullname="Marcus Friedl"/>
<author surname="Provos" initials="N." fullname="Niels Provos"/>
<author surname="de Raadt" initials="T." fullname="Theo de Raadt"/>
<author surname="Steves" initials="K." fullname="Kevin Steves"/>
<author surname="Miller" initials="D." fullname="Damien Miller"/>
<author surname="Tucker" initials="D." fullname="Darren Tucker"/>
<author surname="McIntyre" initials="J." fullname="Jason McIntyre"/>
<author surname="Rice" initials="T." fullname="Tim Rice"/>
<author surname="Lindstrom" initials="B." fullname="Ben Lindstrom"/>
<date month="January" year="2014"/>
</front>
</reference>
<reference anchor="RFC7479" target="https://www.rfc-editor.org/info/rfc7
479" quoteTitle="true" derivedAnchor="RFC7479">
<front>
<title>Using Ed25519 in SSHFP Resource Records</title>
<author initials="S." surname="Moonesamy" fullname="S. Moonesamy">
<organization showOnFrontPage="true"/>
</author>
<date year="2015" month="March"/>
<abstract>
<t>The Ed25519 signature algorithm has been implemented in OpenSSH
. This document updates the IANA "SSHFP RR Types for public key algorithms" reg
istry by adding an algorithm number for Ed25519.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7479"/>
<seriesInfo name="DOI" value="10.17487/RFC7479"/>
</reference>
</references>
</references>
<section numbered="false" toc="include" removeInRFC="false" pn="section-appe
ndix.a">
<name slugifiedName="name-acknowledgements">Acknowledgements</name>
<t pn="section-appendix.a-1">
The OpenSSH implementation of Ed25519 in SSH was written by
<contact fullname="Markus Friedl"/>. We are also grateful to <contact fullname="
Mark Baushke"/>, <contact fullname="Benjamin Kaduk"/>, and
<contact fullname="Daniel Migault"/> for their comments.
</t>
</section>
<section anchor="authors-addresses" numbered="false" removeInRFC="false" toc
="include" pn="section-appendix.b">
<name slugifiedName="name-authors-addresses">Authors' Addresses</name>
<author initials="B." surname="Harris" fullname="Ben Harris">
<address>
<postal>
<street>2A Eachard Road</street>
<city>Cambridge</city>
<code>CB3 0HY</code>
<country>United Kingdom</country>
</postal>
<email>bjh21@bjh21.me.uk</email>
</address>
</author>
<author initials="L." surname="Velvindron" fullname="Loganaden Velvindron"
>
<organization showOnFrontPage="true">cyberstorm.mu</organization>
<address>
<postal>
<street>88, Avenue De Plevitz</street>
<city>Roches Brunes</city>
<country>Mauritius</country>
</postal>
<email>logan@cyberstorm.mu</email>
</address>
</author>
</section>
</back>
</rfc> </rfc>
 End of changes. 21 change blocks. 
364 lines changed or deleted 750 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/