Shepherd writeup

As required by RFC 4858, this is the current template for the Document 
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

This memo updates RFC 4252 and RFC 4253 to define new public key
  algorithms for use of RSA keys with SHA-2 hashing for server and
  client authentication in SSH connections. This justify a standard track document, 
 as it is required to provide inter-operability. This is indicated in the header.  

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract 
  and/or introduction of the document. If not, this may be 
  an indication that there are deficiencies in the abstract 
  or introduction.

This memo updates RFC 4252 and RFC 4253 to define new public key
  algorithms for use of RSA keys with SHA-2 hashing for server and
  client authentication in SSH connections.

Working Group Summary

  Was there anything in WG process that is worth noting? For 
  example, was there controversy about particular points or 
  were there decisions where the consensus was particularly 

One discussion point concerned the use of PSS signature. 
The WG consensus was that they were no plan to implement this,
while pkcs1v1.5 does not present major flows, As a result, it was 
agreed to stay with pkcs1v1.5 for now. This has been clearly explained in section 5.3.

Another discussion was related to draft-ietf-curdle-ssh-ext-info and
interoperability between SSH implementation with that latest extension. The 
discussion is somehow unrelated to this draft except that the draft recommends 
the use of this extension so the client knows in advance the server supports the 
rsa-sha2-* public key algorithms. The motivation is that some servers implements
 a penalties when client use non supported public key algorithms.  
I do not think the discussion affects the current draft as:
* the current draft only provides a recommendation of using  draft-ietf-curdle-ssh-ext-info.
* the current draft provides alternatives ( no penalties, using the new algorithms as default, ...).
* the draft comments the transition to the new algorithms in section 5.2.  

Note that Romen the implementer of PKIX-SSH raised the draft-ietf-curdle-ssh-ext-info
issue and implement the current draft using the defined algorithms as default. 
(cf.  release note of "25 Mar 2017 : Version x509-10.1" .  

new RSA key algorithms
This version supports new public key algorithms: rsa-sha2-256 (default) and rsa-sha2-512. 
Client and agent will use them only if server announce them in one of extensions mentioned

I also believe we have found consensus on the  draft-ietf-curdle-ssh-ext-info draft. 


Document Quality

  Are there existing implementations of the protocol? Have a 
  significant number of vendors indicated their plan to 
  implement the specification? Are there any reviewers that 
  merit special mention as having done a thorough review, 
  e.g., one that resulted in important changes or a 
  conclusion that the document had no substantive issues? If 
  there was a MIB Doctor, Media Type or other expert review, 
  what was its course (briefly)? In the case of a Media Type 
  review, on what date was the request posted?

From the non up-to-date SSH implementation comparison [1], as well from the author/implementer of the draft that the following SSH implementations implement the draft: 
- Bitvise SSH Server and Client
- OpenSSH
- AsyncSSH
- SmartFTP

In addition, Romen the implementer of PKIX-SSH provided significant clarification of the document and the release note of "25 Mar 2017 : Version x509-10.1" suggests PKIX-SSH supports the current draft.  



  Who is the Document Shepherd? Who is the Responsible Area

Daniel Migault is the document shepherd and Eric Rescola is the Security Area Director.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

I reviewed the document. I think it is ready. 

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

This  document does not have any concern. It defines new public key algorithms to 
enable  RSA signature 
using SHA2 instead of SHA1.  The only discussion was regarding the
adoption of PSS or not. As no implementation of pss was planned, the
 WG consensus was to not consider these new schemes.   
(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

Denis Bider confirmed he is not aware of any IPR. 

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR

(9) How solid is the WG consensus behind this document? Does it 
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?   

The draft had a few reviews from implementers. The working group 
believes the draft is ready for publication.  

(10) Has anyone threatened an appeal or otherwise indicated extreme 
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.) 


(11) Identify any ID nits the Document Shepherd has found in this
document. (See and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be

The nits has one comment regarding the copyright section. 

This section is necessary as the current draft provides clarifying material from 
RFC 4253 published in January 2006. In case we have to remove this would not
cause an issue. 

  This document may contain material from IETF Documents or IETF
  Contributions published or made publicly available before November 10,
  2008. The person(s) controlling the copyright in some of this material
  may not have granted the IETF Trust the right to allow modifications
  of such material outside the IETF Standards Process. Without obtaining
  an adequate license from the person(s) controlling the copyright in
  such materials, this document may not be modified outside the IETF
  Standards Process, and derivative works of it may not be created
  outside the IETF Standards Process, except to format it for
  publication as an RFC or to translate it into languages other than

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

This does not apply here. 

(13) Have all references within this document been identified as
either normative or informative?


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

No. The draft references as informative Bider, D., "Extension Negotiation 
in Secure Shell (SSH)" which will be submitted in parallel. So the RFC 
editor will be able to assign the appropriated RFC number. 

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in 
the Last Call procedure. 


(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

RFCs 4252, 4253 are listed on the title page header, in the abstract, and 
the introduction

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

The IANA section is clear. It is consistent with the current draft and 
references have been clearly identified. 

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

The IANA section details how to update the Public Key Algorithm Names
 registry [2]. Registration requires the IETF consensus. There is no expert review. 


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

This does not apply here.