draft-ietf-secsh-transport-17.2.ps

来自「OTP是开放电信平台的简称」· PS 代码 · 共 2,068 行 · 第 1/5 页

/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   The "aes192-cbc" cipher. Same as above but with 192-bit key.) s
5 668 M
(   The "aes128-cbc" cipher. Same as above but with 128-bit key.) s
5 646 M
(   The "serpent256-cbc" cipher in CBC mode, with 256-bit key as) s
5 635 M
(   described in the Serpent AES submission.) s
5 613 M
(   The "serpent192-cbc" cipher. Same as above but with 192-bit key.) s
5 591 M
(   The "serpent128-cbc" cipher. Same as above but with 128-bit key.) s
5 569 M
(   The "arcfour" is the Arcfour stream cipher with 128 bit keys. The) s
5 558 M
(   Arcfour cipher is believed to be compatible with the RC4 cipher) s
5 547 M
(   [SCHNEIER]. RC4 is a registered trademark of RSA Data Security Inc.) s
5 536 M
(   Arcfour \(and RC4\) has problems with weak keys, and should be used) s
5 525 M
(   with caution.) s
5 503 M
(   The "idea-cbc" cipher is the IDEA cipher in CBC mode [SCHNEIER].) s
5 481 M
(   The "cast128-cbc" cipher is the CAST-128 cipher in CBC mode) s
5 470 M
(   [RFC2144].) s
5 448 M
(   The "none" algorithm specifies that no encryption is to be done.) s
5 437 M
(   Note that this method provides no confidentiality protection, and it) s
5 426 M
(   is not recommended.  Some functionality \(e.g. password) s
5 415 M
(   authentication\) may be disabled for security reasons if this cipher) s
5 404 M
(   is chosen.) s
5 382 M
(   Additional methods may be defined as specified in [SSH-ARCH].) s
5 360 M
(5.4 Data Integrity) s
5 338 M
(   Data integrity is protected by including with each packet a message) s
5 327 M
(   authentication code \(MAC\) that is computed from a shared secret,) s
5 316 M
(   packet sequence number, and the contents of the packet.) s
5 294 M
(   The message authentication algorithm and key are negotiated during) s
5 283 M
(   key exchange.  Initially, no MAC will be in effect, and its length) s
5 272 M
(   MUST be zero.  After key exchange, the selected MAC will be computed) s
5 261 M
(   before encryption from the concatenation of packet data:) s
5 239 M
(     mac = MAC\(key, sequence_number || unencrypted_packet\)) s
5 217 M
(   where unencrypted_packet is the entire packet without MAC \(the length) s
5 206 M
(   fields, payload and padding\), and sequence_number is an implicit) s
5 195 M
(   packet sequence number represented as uint32.  The sequence number is) s
5 184 M
(   initialized to zero for the first packet, and is incremented after) s
5 173 M
(   every packet \(regardless of whether encryption or MAC is in use\).  It) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 9]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 10 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   is never reset, even if keys/algorithms are renegotiated later.  It) s
5 679 M
(   wraps around to zero after every 2^32 packets. The packet sequence) s
5 668 M
(   number itself is not included in the packet sent over the wire.) s
5 646 M
(   The MAC algorithms for each direction MUST run independently, and) s
5 635 M
(   implementations MUST allow choosing the algorithm independently for) s
5 624 M
(   both directions.) s
5 602 M
(   The MAC bytes resulting from the MAC algorithm MUST be transmitted) s
5 591 M
(   without encryption as the last part of the packet.  The number of MAC) s
5 580 M
(   bytes depends on the algorithm chosen.) s
5 558 M
(   The following MAC algorithms are currently defined:) s
5 536 M
(     hmac-sha1    REQUIRED        HMAC-SHA1 \(digest length = key) s
5 525 M
(                                  length = 20\)) s
5 514 M
(     hmac-sha1-96 RECOMMENDED     first 96 bits of HMAC-SHA1 \(digest) s
5 503 M
(                                  length = 12, key length = 20\)) s
5 492 M
(     hmac-md5     OPTIONAL        HMAC-MD5 \(digest length = key) s
5 481 M
(                                  length = 16\)) s
5 470 M
(     hmac-md5-96  OPTIONAL        first 96 bits of HMAC-MD5 \(digest) s
5 459 M
(                                  length = 12, key length = 16\)) s
5 448 M
(     none         OPTIONAL        no MAC; NOT RECOMMENDED) s
5 426 M
(                                Figure 1) s
5 404 M
(   The "hmac-*" algorithms are described in [RFC2104] The "*-n" MACs use) s
5 393 M
(   only the first n bits of the resulting value.) s
5 371 M
(   The hash algorithms are described in [SCHNEIER].) s
5 349 M
(   Additional methods may be defined as specified in [SSH-ARCH].) s
5 327 M
(5.5 Key Exchange Methods) s
5 305 M
(   The key exchange method specifies how one-time session keys are) s
5 294 M
(   generated for encryption and for authentication, and how the server) s
5 283 M
(   authentication is done.) s
5 261 M
(   Only one REQUIRED key exchange method has been defined:) s
5 239 M
(     diffie-hellman-group1-sha1       REQUIRED) s
5 217 M
(   This method is described later in this document.) s
5 195 M
(   Additional methods may be defined as specified in [SSH-ARCH].) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 10]) s
_R
S
PStoPSsaved restore
%%Page: (10,11) 6
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 11 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(5.6 Public Key Algorithms) s
5 668 M
(   This protocol has been designed to be able to operate with almost any) s
5 657 M
(   public key format, encoding, and algorithm \(signature and/or) s
5 646 M
(   encryption\).) s
5 624 M
(   There are several aspects that define a public key type:) s
5 613 M
(   o  Key format: how is the key encoded and how are certificates) s
5 602 M
(      represented.  The key blobs in this protocol MAY contain) s
5 591 M
(      certificates in addition to keys.) s
5 580 M
(   o  Signature and/or encryption algorithms.  Some key types may not) s
5 569 M
(      support both signing and encryption.  Key usage may also be) s
5 558 M
(      restricted by policy statements in e.g. certificates.  In this) s
5 547 M
(      case, different key types SHOULD be defined for the different) s
5 536 M
(      policy alternatives.) s
5 525 M
(   o  Encoding of signatures and/or encrypted data. This includes but is) s
5 514 M
(      not limited to padding, byte order, and data formats.) s
5 492 M
(   The following public key and/or certificate formats are currently defined:) s
5 470 M
(   ssh-dss              REQUIRED     sign    Raw DSS Key) s
5 459 M
(   ssh-rsa              RECOMMENDED  sign    Raw RSA Key) s
5 448 M
(   x509v3-sign-rsa      OPTIONAL     sign    X.509 certificates \(RSA key\)) s
5 437 M
(   x509v3-sign-dss      OPTIONAL     sign    X.509 certificates \(DSS key\)) s
5 426 M
(   spki-sign-rsa        OPTIONAL     sign    SPKI certificates \(RSA key\)) s
5 415 M
(   spki-sign-dss        OPTIONAL     sign    SPKI certificates \(DSS key\)) s
5 404 M
(   pgp-sign-rsa         OPTIONAL     sign    OpenPGP certificates \(RSA key\)) s
5 393 M
(   pgp-sign-dss         OPTIONAL     sign    OpenPGP certificates \(DSS key\)) s
5 371 M
(   Additional key types may be defined as specified in [SSH-ARCH].) s
5 349 M
(   The key type MUST always be explicitly known \(from algorithm) s
5 338 M
(   negotiation or some other source\).  It is not normally included in) s
5 327 M
(   the key blob.) s
5 305 M
(   Certificates and public keys are encoded as follows:) s
5 283 M
(     string   certificate or public key format identifier) s
5 272 M
(     byte[n]  key/certificate data) s
5 250 M
(   The certificate part may have be a zero length string, but a public) s
5 239 M
(   key is required. This is the public key that will be used for) s
5 228 M
(   authentication; the certificate sequence contained in the certificate) s
5 217 M
(   blob can be used to provide authorization.) s
5 195 M
(   Public key / certifcate formats that do not explicitly specify a) s
5 184 M
(   signature format identifier MUST use the public key / certificate) s
5 173 M
(   format identifier as the signature identifier.) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 11]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 12 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   Signatures are encoded as follows:) s
5 679 M
(     string    signature format identifier \(as specified by the) s
5 668 M
(               public key / cert format\)) s
5 657 M
(     byte[n]   signature blob in format specific encoding.) s
5 624 M
(   The "ssh-dss" key format has the following specific encoding:) s
5 602 M
(     string    "ssh-dss") s
5 591 M
(     mpint     p) s
5 580 M
(     mpint     q) s
5 569 M
(     mpint     g) s
5 558 M
(     mpint     y) s
5 536 M
(   Here the p, q, g, and y parameters form the signature key blob.) s
5 514 M
(   Signing and verifying using this key format is done according to the) s
5 503 M
(   Digital Signature Standard [FIPS-186] using the SHA-1 hash. A) s
5 492 M
(   description can also be found in [SCHNEIER].) s
5 470 M
(   The resulting signature is encoded as follows:) s
5 448 M
(     string    "ssh-dss") s
5 437 M
(     string    dss_signature_blob) s
5 415 M
(   dss_signature_blob is encoded as a string containing r followed by s) s
5 404 M
(   \(which are 160 bits long integers, without lengths or padding,) s
5 393 M
(   unsigned and in network byte order\).) s
5 371 M
(   The "ssh-rsa" key format has the following specific encoding:) s
5 349 M
(     string    "ssh-rsa") s
5 338 M
(     mpint     e) s
5 327 M
(     mpint     n) s
5 305 M
(   Here the e and n parameters form the signature key blob.) s
5 283 M
(   Signing and verifying using this key format is done according to) s
5 272 M
(   [SCHNEIER] and [PKCS1] using the SHA-1 hash.) s
5 250 M
(   The resulting signature is encoded as follows:) s
5 228 M
(     string    "ssh-rsa") s
5 217 M
(     string    rsa_signature_blob) s
5 195 M
(   rsa_signature_blob is encoded as a string containing s \(which is an) s
5 184 M
(   integer, without lengths or padding, unsigned and in network byte) s
5 173 M
(   order\).) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 12]) s
_R
S
PStoPSsaved restore
%%Page: (12,13) 7
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 13 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   The "spki-sign-rsa" method indicates that the certificate blob) s
5 679 M
(   contains a sequence of SPKI certificates. The format of SPKI) s
5 668 M
(   certificates is described in [RFC2693]. This method indicates that) s
5 657 M
(   the key \(or one of the keys in the certificate\) is an RSA-key.) s
5 635 M
(   The "spki-sign-dss". As above, but indicates that the key \(or one of) s
5 624 M
(   the keys in the certificate\) is a DSS-key.) s
5 602 M
(   The "pgp-sign-rsa" method indicates the certificates, the public key,) s
5 591 M
(   and the signature are in OpenPGP compatible binary format) s
5 580 M
(   \([RFC2440]\). This method indicates that the key is an RSA-key.) s
5 558 M
(   The "pgp-sign-dss". As above, but indicates that the key is a) s
5 547 M
(   DSS-key.) s
5 525 M
(6. Key Exchange) s
5 503 M
(   Key exchange begins by each side sending lists of supported) s