draft-ietf-secsh-transport-17.2.ps

来自「OTP是开放电信平台的简称」· PS 代码 · 共 2,068 行 · 第 1/5 页

/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   way that is compatible with the installed SSH clients and servers) s
5 679 M
(   that use an older version of the protocol.  Information in this) s
5 668 M
(   section is only relevant for implementations supporting compatibility) s
5 657 M
(   with SSH versions 1.x.  There is no standards track or informational) s
5 646 M
(   draft available that defines the SSH 1.x protocol.  The only known) s
5 635 M
(   documentation of the 1.x protocol is contained in README files that) s
5 624 M
(   are shipped along with the source code.) s
5 602 M
(4.3.1 Old Client, New Server) s
5 580 M
(   Server implementations MAY support a configurable "compatibility") s
5 569 M
(   flag that enables compatibility with old versions.  When this flag is) s
5 558 M
(   on, the server SHOULD identify its protocol version as "1.99".) s
5 547 M
(   Clients using protocol 2.0 MUST be able to identify this as identical) s
5 536 M
(   to "2.0".  In this mode the server SHOULD NOT send the carriage) s
5 525 M
(   return character \(ASCII 13\) after the version identification string.) s
5 503 M
(   In the compatibility mode the server SHOULD NOT send any further data) s
5 492 M
(   after its initialization string until it has received an) s
5 481 M
(   identification string from the client.  The server can then determine) s
5 470 M
(   whether the client is using an old protocol, and can revert to the) s
5 459 M
(   old protocol if required.  In the compatibility mode, the server MUST) s
5 448 M
(   NOT send additional data before the version string.) s
5 426 M
(   When compatibility with old clients is not needed, the server MAY) s
5 415 M
(   send its initial key exchange data immediately after the) s
5 404 M
(   identification string.) s
5 382 M
(4.3.2 New Client, Old Server) s
5 360 M
(   Since the new client MAY immediately send additional data after its) s
5 349 M
(   identification string \(before receiving server's identification\), the) s
5 338 M
(   old protocol may already have been corrupted when the client learns) s
5 327 M
(   that the server is old.  When this happens, the client SHOULD close) s
5 316 M
(   the connection to the server, and reconnect using the old protocol.) s
5 294 M
(5. Binary Packet Protocol) s
5 272 M
(   Each packet is in the following format:) s
5 250 M
(     uint32    packet_length) s
5 239 M
(     byte      padding_length) s
5 228 M
(     byte[n1]  payload; n1 = packet_length - padding_length - 1) s
5 217 M
(     byte[n2]  random padding; n2 = padding_length) s
5 206 M
(     byte[m]   mac \(message authentication code\); m = mac_length) s
5 184 M
(      packet_length) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 5]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 6 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(         The length of the packet \(bytes\), not including MAC or the) s
5 679 M
(         packet_length field itself.) s
5 657 M
(      padding_length) s
5 646 M
(         Length of padding \(bytes\).) s
5 624 M
(      payload) s
5 613 M
(         The useful contents of the packet.  If compression has been) s
5 602 M
(         negotiated, this field is compressed.  Initially, compression) s
5 591 M
(         MUST be "none".) s
5 569 M
(      random padding) s
5 558 M
(         Arbitrary-length padding, such that the total length of) s
5 547 M
(         \(packet_length || padding_length || payload || padding\) is a) s
5 536 M
(         multiple of the cipher block size or 8, whichever is larger.) s
5 525 M
(         There MUST be at least four bytes of padding.  The padding) s
5 514 M
(         SHOULD consist of random bytes.  The maximum amount of padding) s
5 503 M
(         is 255 bytes.) s
5 481 M
(      mac) s
5 470 M
(         Message authentication code.  If message authentication has) s
5 459 M
(         been negotiated, this field contains the MAC bytes.  Initially,) s
5 448 M
(         the MAC algorithm MUST be "none".) s
5 415 M
(   Note that length of the concatenation of packet length, padding) s
5 404 M
(   length, payload, and padding MUST be a multiple of the cipher block) s
5 393 M
(   size or 8, whichever is larger.  This constraint MUST be enforced) s
5 382 M
(   even when using stream ciphers.  Note that the packet length field is) s
5 371 M
(   also encrypted, and processing it requires special care when sending) s
5 360 M
(   or receiving packets.) s
5 338 M
(   The minimum size of a packet is 16 \(or the cipher block size,) s
5 327 M
(   whichever is larger\) bytes \(plus MAC\); implementations SHOULD decrypt) s
5 316 M
(   the length after receiving the first 8 \(or cipher block size,) s
5 305 M
(   whichever is larger\) bytes of a packet.) s
5 283 M
(5.1 Maximum Packet Length) s
5 261 M
(   All implementations MUST be able to process packets with uncompressed) s
5 250 M
(   payload length of 32768 bytes or less and total packet size of 35000) s
5 239 M
(   bytes or less \(including length, padding length, payload, padding,) s
5 228 M
(   and MAC.\). The maximum of 35000 bytes is an arbitrary chosen value) s
5 217 M
(   larger than uncompressed size. Implementations SHOULD support longer) s
5 206 M
(   packets, where they might be needed, e.g. if an implementation wants) s
5 195 M
(   to send a very large number of certificates.  Such packets MAY be) s
5 184 M
(   sent if the version string indicates that the other party is able to) s
5 173 M
(   process them. However, implementations SHOULD check that the packet) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 6]) s
_R
S
PStoPSsaved restore
%%Page: (6,7) 4
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 7 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   length is reasonable for the implementation to avoid) s
5 679 M
(   denial-of-service and/or buffer overflow attacks.) s
5 657 M
(5.2 Compression) s
5 635 M
(   If compression has been negotiated, the payload field \(and only it\)) s
5 624 M
(   will be compressed using the negotiated algorithm. The length field) s
5 613 M
(   and MAC will be computed from the compressed payload. Encryption will) s
5 602 M
(   be done after compression.) s
5 580 M
(   Compression MAY be stateful, depending on the method. Compression) s
5 569 M
(   MUST be independent for each direction, and implementations MUST) s
5 558 M
(   allow independently choosing the algorithm for each direction.) s
5 536 M
(   The following compression methods are currently defined:) s
5 514 M
(     none     REQUIRED        no compression) s
5 503 M
(     zlib     OPTIONAL        ZLIB \(LZ77\) compression) s
5 481 M
(   The "zlib" compression is described in [RFC1950] and in [RFC1951].) s
5 470 M
(   The compression context is initialized after each key exchange, and) s
5 459 M
(   is passed from one packet to the next with only a partial flush being) s
5 448 M
(   performed at the end of each packet. A partial flush means that the) s
5 437 M
(   current compressed block is ended and all data will be output. If the) s
5 426 M
(   current block is not a stored block, one or more empty blocks are) s
5 415 M
(   added after the current block to ensure that there are at least 8) s
5 404 M
(   bits counting from the start of the end-of-block code of the current) s
5 393 M
(   block to the end of the packet payload.) s
5 371 M
(   Additional methods may be defined as specified in [SSH-ARCH].) s
5 349 M
(5.3 Encryption) s
5 327 M
(   An encryption algorithm and a key will be negotiated during the key) s
5 316 M
(   exchange.  When encryption is in effect, the packet length, padding) s
5 305 M
(   length, payload and padding fields of each packet MUST be encrypted) s
5 294 M
(   with the given algorithm.) s
5 272 M
(   The encrypted data in all packets sent in one direction SHOULD be) s
5 261 M
(   considered a single data stream.  For example, initialization vectors) s
5 250 M
(   SHOULD be passed from the end of one packet to the beginning of the) s
5 239 M
(   next packet. All ciphers SHOULD use keys with an effective key length) s
5 228 M
(   of 128 bits or more.) s
5 206 M
(   The ciphers in each direction MUST run independently of each other,) s
5 195 M
(   and implementations MUST allow independently choosing the algorithm) s
5 184 M
(   for each direction \(if multiple algorithms are allowed by local) s
5 173 M
(   policy\).) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 7]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 8 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   The following ciphers are currently defined:) s
5 668 M
(     3des-cbc         REQUIRED          three-key 3DES in CBC mode) s
5 657 M
(     blowfish-cbc     OPTIONALi         Blowfish in CBC mode) s
5 646 M
(     twofish256-cbc   OPTIONAL          Twofish in CBC mode,) s
5 635 M
(                                        with 256-bit key) s
5 624 M
(     twofish-cbc      OPTIONAL          alias for "twofish256-cbc" \(this) s
5 613 M
(                                        is being retained for) s
5 602 M
(                                        historical reasons\)) s
5 591 M
(     twofish192-cbc   OPTIONAL          Twofish with 192-bit key) s
5 580 M
(     twofish128-cbc   OPTIONAL          Twofish with 128-bit key) s
5 569 M
(     aes256-cbc       OPTIONAL          AES \(Rijndael\) in CBC mode,) s
5 558 M
(                                        with 256-bit key) s
5 547 M
(     aes192-cbc       OPTIONAL          AES with 192-bit key) s
5 536 M
(     aes128-cbc       RECOMMENDED       AES with 128-bit key) s
5 525 M
(     serpent256-cbc   OPTIONAL          Serpent in CBC mode, with) s
5 514 M
(                                        256-bit key) s
5 503 M
(     serpent192-cbc   OPTIONAL          Serpent with 192-bit key) s
5 492 M
(     serpent128-cbc   OPTIONAL          Serpent with 128-bit key) s
5 481 M
(     arcfour          OPTIONAL          the ARCFOUR stream cipher) s
5 470 M
(     idea-cbc         OPTIONAL          IDEA in CBC mode) s
5 459 M
(     cast128-cbc      OPTIONAL          CAST-128 in CBC mode) s
5 448 M
(     none             OPTIONAL          no encryption; NOT RECOMMENDED) s
5 426 M
(   The "3des-cbc" cipher is three-key triple-DES) s
5 415 M
(   \(encrypt-decrypt-encrypt\), where the first 8 bytes of the key are) s
5 404 M
(   used for the first encryption, the next 8 bytes for the decryption,) s
5 393 M
(   and the following 8 bytes for the final encryption.  This requires 24) s
5 382 M
(   bytes of key data \(of which 168 bits are actually used\).  To) s
5 371 M
(   implement CBC mode, outer chaining MUST be used \(i.e., there is only) s
5 360 M
(   one initialization vector\).  This is a block cipher with 8 byte) s
5 349 M
(   blocks.  This algorithm is defined in [FIPS-46-3]) s
5 327 M
(   The "blowfish-cbc" cipher is Blowfish in CBC mode, with 128 bit keys) s
5 316 M
(   [SCHNEIER]. This is a block cipher with 8 byte blocks.) s
5 294 M
(   The "twofish-cbc" or "twofish256-cbc" cipher is Twofish in CBC mode,) s
5 283 M
(   with 256 bit keys as described [TWOFISH]. This is a block cipher with) s
5 272 M
(   16 byte blocks.) s
5 250 M
(   The "twofish192-cbc" cipher. Same as above but with 192-bit key.) s
5 228 M
(   The "twofish128-cbc" cipher. Same as above but with 128-bit key.) s
5 206 M
(   The "aes256-cbc" cipher is AES \(Advanced Encryption Standard\)) s
5 195 M
(   [FIPS-197], formerly Rijndael, in CBC mode. This version uses 256-bit) s
5 184 M
(   key.) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 8]) s
_R
S
PStoPSsaved restore
%%Page: (8,9) 5
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 9 def
/fname () def