P6R's Secure Shell Public Key Subsystem
RFC 7076
| Document | Type | RFC - Informational (November 2013; No errata). Was draft-joseph-pkix-p6rsshextension (individual) |
|---|---|---|
| | Last updated | 2018-12-20 |
| | Replaces | draft-joseph-pkix-sshextension |
| | Stream | ISE |
| | IETF conflict review | conflict-review-joseph-pkix-p6rsshextension |
| Stream | ISE state | Published RFC |
| | Consensus Boilerplate | Unknown |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 7076 (Informational) |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | (None) |
Independent Submission
Request for Comments: 7076
Category: Informational
ISSN: 2070-1721

M. Joseph
J. Susoy
P6R, Inc
November 2013

P6R's Secure Shell Public Key Subsystem

Abstract

The Secure Shell (SSH) Public Key Subsystem protocol defines a key distribution protocol that is limited to provisioning an SSH server with a user's public keys. This document describes a new protocol that builds on the protocol defined in RFC 4819 to allow the provisioning of keys and certificates to a server using the SSH transport.

The new protocol allows the calling client to organize keys and certificates in different namespaces on a server. These namespaces can be used by the server to allow a client to configure any application running on the server (e.g., SSH, Key Management Interoperability Protocol (KMIP), Simple Network Management Protocol (SNMP)).

The new protocol provides a server-independent mechanism for clients to add public keys, remove public keys, add certificates, remove certificates, and list the current set of keys and certificates known by the server by namespace (e.g., list all public keys in the SSH namespace).

Rights to manage keys and certificates in a particular namespace are specific and limited to the authorized user and are defined as part of the server's implementation. The described protocol is backward compatible to version 2 defined by RFC 4819.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7076.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction
2. Terminology
3. Overview of Extensions to the Public Key Subsystem
   3.1. Extended Status Codes
   3.2. The Version Packet
   3.3. The Namespace Attribute
4. New Operations
   4.1. Adding a Certificate
   4.2. Removing a Certificate
   4.3. Listing Certificates
   4.4. Listing Namespaces
5. Extending Public Key Operations
   5.1. Adding a Public Key
   5.2. Removing a Public Key
   5.3. Listing Public Keys
6. Security Considerations
7. IANA Considerations
8. References
   8.1. Normative References
   8.2. Informative References

1. Introduction

This document describes a new protocol that builds on the protocol defined in RFC 4819 that can be used to configure public keys and certificates in an implementation-independent fashion. The concept of a namespace is added to the protocol's operations; it allows the client to organize keys and certificates by application or organizational structure.

P6R's Secure Shell Public Key Subsystem has been designed to run on