Commercial National Security Algorithm (CNSA) Suite Cryptography for Secure Shell (SSH)

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Nicholas Gajcowski  , Michael Jenkins 
Last updated 2021-03-20 (latest revision 2020-08-14)
Stream Independent Submission
Expired & archived
pdf htmlized bibtex
Additional Resources
Stream ISE state Response to Review Needed
Revised I-D Needed
Consensus Boilerplate Unknown
Document shepherd Adrian Farrel
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to Adrian Farrel <>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The United States Government has published the NSA Commercial National Security Algorithm (CNSA) Suite, which defines cryptographic algorithm policy for national security applications. This document specifies the conventions for using the United States National Security Agency's CNSA Suite algorithms with the Secure Shell Transport Layer Protocol and the Secure Shell Authentication Protocol. It applies to the capabilities, configuration, and operation of all components of US National Security Systems that employ IPSec. US National Security Systems are described in NIST Special Publication 800-59. It is also appropriate for all other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments.


Nicholas Gajcowski (
Michael Jenkins (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)