draft-ietf-secsh-transport-17.2.ps

来自「OTP是开放电信平台的简称」· PS 代码 · 共 2,068 行 · 第 1/5 页

5 492 M
(   algorithms. Each side has a preferred algorithm in each category, and) s
5 481 M
(   it is assumed that most implementations at any given time will use) s
5 470 M
(   the same preferred algorithm.  Each side MAY guess which algorithm) s
5 459 M
(   the other side is using, and MAY send an initial key exchange packet) s
5 448 M
(   according to the algorithm if appropriate for the preferred method.) s
5 426 M
(   Guess is considered wrong, if:) s
5 415 M
(   o  the kex algorithm and/or the host key algorithm is guessed wrong) s
5 404 M
(      \(server and client have different preferred algorithm\), or) s
5 393 M
(   o  if any of the other algorithms cannot be agreed upon \(the) s
5 382 M
(      procedure is defined below in Section Section 6.1\).) s
5 360 M
(   Otherwise, the guess is considered to be right and the optimistically) s
5 349 M
(   sent packet MUST be handled as the first key exchange packet.) s
5 327 M
(   However, if the guess was wrong, and a packet was optimistically sent) s
5 316 M
(   by one or both parties, such packets MUST be ignored \(even if the) s
5 305 M
(   error in the guess would not affect the contents of the initial) s
5 294 M
(   packet\(s\)\), and the appropriate side MUST send the correct initial) s
5 283 M
(   packet.) s
5 261 M
(   Server authentication in the key exchange MAY be implicit.  After a) s
5 250 M
(   key exchange with implicit server authentication, the client MUST) s
5 239 M
(   wait for response to its service request message before sending any) s
5 228 M
(   further data.) s
5 206 M
(6.1 Algorithm Negotiation) s
5 184 M
(   Key exchange begins by each side sending the following packet:) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 13]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 14 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(     byte      SSH_MSG_KEXINIT) s
5 679 M
(     byte[16]  cookie \(random bytes\)) s
5 668 M
(     string    kex_algorithms) s
5 657 M
(     string    server_host_key_algorithms) s
5 646 M
(     string    encryption_algorithms_client_to_server) s
5 635 M
(     string    encryption_algorithms_server_to_client) s
5 624 M
(     string    mac_algorithms_client_to_server) s
5 613 M
(     string    mac_algorithms_server_to_client) s
5 602 M
(     string    compression_algorithms_client_to_server) s
5 591 M
(     string    compression_algorithms_server_to_client) s
5 580 M
(     string    languages_client_to_server) s
5 569 M
(     string    languages_server_to_client) s
5 558 M
(     boolean   first_kex_packet_follows) s
5 547 M
(     uint32    0 \(reserved for future extension\)) s
5 525 M
(   Each of the algorithm strings MUST be a comma-separated list of) s
5 514 M
(   algorithm names \(see ''Algorithm Naming'' in [SSH-ARCH]\). Each) s
5 503 M
(   supported \(allowed\) algorithm MUST be listed in order of preference.) s
5 481 M
(   The first algorithm in each list MUST be the preferred \(guessed\)) s
5 470 M
(   algorithm.  Each string MUST contain at least one algorithm name.) s
5 437 M
(      cookie) s
5 426 M
(         The cookie MUST be a random value generated by the sender.  Its) s
5 415 M
(         purpose is to make it impossible for either side to fully) s
5 404 M
(         determine the keys and the session identifier.) s
5 382 M
(      kex_algorithms) s
5 371 M
(         Key exchange algorithms were defined above.  The first) s
5 360 M
(         algorithm MUST be the preferred \(and guessed\) algorithm.  If) s
5 349 M
(         both sides make the same guess, that algorithm MUST be used.) s
5 338 M
(         Otherwise, the following algorithm MUST be used to choose a key) s
5 327 M
(         exchange method: iterate over client's kex algorithms, one at a) s
5 316 M
(         time.  Choose the first algorithm that satisfies the following) s
5 305 M
(         conditions:) s
5 294 M
(         +  the server also supports the algorithm,) s
5 283 M
(         +  if the algorithm requires an encryption-capable host key,) s
5 272 M
(            there is an encryption-capable algorithm on the server's) s
5 261 M
(            server_host_key_algorithms that is also supported by the) s
5 250 M
(            client, and) s
5 239 M
(         +  if the algorithm requires a signature-capable host key,) s
5 228 M
(            there is a signature-capable algorithm on the server's) s
5 217 M
(            server_host_key_algorithms that is also supported by the) s
5 206 M
(            client.) s
5 195 M
(         +  If no algorithm satisfying all these conditions can be) s
5 184 M
(            found, the connection fails, and both sides MUST disconnect.) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 14]) s
_R
S
PStoPSsaved restore
%%Page: (14,15) 8
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 15 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(      server_host_key_algorithms) s
5 679 M
(         List of the algorithms supported for the server host key.  The) s
5 668 M
(         server lists the algorithms for which it has host keys; the) s
5 657 M
(         client lists the algorithms that it is willing to accept.) s
5 646 M
(         \(There MAY be multiple host keys for a host, possibly with) s
5 635 M
(         different algorithms.\)) s
5 613 M
(         Some host keys may not support both signatures and encryption) s
5 602 M
(         \(this can be determined from the algorithm\), and thus not all) s
5 591 M
(         host keys are valid for all key exchange methods.) s
5 569 M
(         Algorithm selection depends on whether the chosen key exchange) s
5 558 M
(         algorithm requires a signature or encryption capable host key.) s
5 547 M
(         It MUST be possible to determine this from the public key) s
5 536 M
(         algorithm name.  The first algorithm on the client's list that) s
5 525 M
(         satisfies the requirements and is also supported by the server) s
5 514 M
(         MUST be chosen.  If there is no such algorithm, both sides MUST) s
5 503 M
(         disconnect.) s
5 481 M
(      encryption_algorithms) s
5 470 M
(         Lists the acceptable symmetric encryption algorithms in order) s
5 459 M
(         of preference.  The chosen encryption algorithm to each) s
5 448 M
(         direction MUST be the first algorithm  on the client's list) s
5 437 M
(         that is also on the server's list. If there is no such) s
5 426 M
(         algorithm, both sides MUST disconnect.) s
5 404 M
(         Note that "none" must be explicitly listed if it is to be) s
5 393 M
(         acceptable.  The defined algorithm names are listed in Section) s
5 382 M
(         Section 5.3.) s
5 360 M
(      mac_algorithms) s
5 349 M
(         Lists the acceptable MAC algorithms in order of preference.) s
5 338 M
(         The chosen MAC algorithm MUST be the first algorithm on the) s
5 327 M
(         client's list that is also on the server's list.  If there is) s
5 316 M
(         no such algorithm, both sides MUST disconnect.) s
5 294 M
(         Note that "none" must be explicitly listed if it is to be) s
5 283 M
(         acceptable.  The MAC algorithm names are listed in Section) s
5 272 M
(         Figure 1.) s
5 250 M
(      compression_algorithms) s
5 239 M
(         Lists the acceptable compression algorithms in order of) s
5 228 M
(         preference. The chosen compression algorithm MUST be the first) s
5 217 M
(         algorithm on the client's list that is also on the server's) s
5 206 M
(         list.  If there is no such algorithm, both sides MUST) s
5 195 M
(         disconnect.) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 15]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 16 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(         Note that "none" must be explicitly listed if it is to be) s
5 679 M
(         acceptable.  The compression algorithm names are listed in) s
5 668 M
(         Section Section 5.2.) s
5 646 M
(      languages) s
5 635 M
(         This is a comma-separated list of language tags in order of) s
5 624 M
(         preference [RFC3066]. Both parties MAY ignore this list. If) s
5 613 M
(         there are no language preferences, this list SHOULD be empty.) s
5 602 M
(         Language tags SHOULD NOT be present unless they are known to be) s
5 591 M
(         needed by the sending party.) s
5 569 M
(      first_kex_packet_follows) s
5 558 M
(         Indicates whether a guessed key exchange packet follows.  If a) s
5 547 M
(         guessed packet will be sent, this MUST be TRUE.  If no guessed) s
5 536 M
(         packet will be sent, this MUST be FALSE.) s
5 514 M
(         After receiving the SSH_MSG_KEXINIT packet from the other side,) s
5 503 M
(         each party will know whether their guess was right.  If the) s
5 492 M
(         other party's guess was wrong, and this field was TRUE, the) s
5 481 M
(         next packet MUST be silently ignored, and both sides MUST then) s
5 470 M
(         act as determined by the negotiated key exchange method.  If) s
5 459 M
(         the guess was right, key exchange MUST continue using the) s
5 448 M
(         guessed packet.) s
5 426 M
(   After the KEXINIT packet exchange, the key exchange algorithm is run.) s
5 415 M
(   It may involve several packet exchanges, as specified by the key) s
5 404 M
(   exchange method.) s
5 382 M
(6.2 Output from Key Exchange) s
5 360 M
(   The key exchange produces two values: a shared secret K, and an) s
5 349 M
(   exchange hash H.  Encryption and authentication keys are derived from) s
5 338 M
(   these. The exchange hash H from the first key exchange is) s
5 327 M
(   additionally used as the session identifier, which is a unique) s
5 316 M
(   identifier for this connection.  It is used by authentication methods) s
5 305 M
(   as a part of the data that is signed as a proof of possession of a) s
5 294 M
(   private key.  Once computed, the session identifier is not changed,) s
5 283 M
(   even if keys are later re-exchanged.) s
5 250 M
(   Each key exchange method specifies a hash function that is used in) s
5 239 M
(   the key exchange.  The same hash algorithm MUST be used in key) s
5 228 M
(   derivation. Here, we'll call it HASH.) s
5 195 M
(   Encryption keys MUST be computed as HASH of a known value and K as) s
5 184 M
(   follows:) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004              [Page 16]) s
_R
S
PStoPSsaved restore
%%Page: (16,17) 9
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 17 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   o  Initial IV client to server: HASH\(K || H || "A" || session_id\)) s
5 679 M
(      \(Here K is encoded as mpint and "A" as byte and session_id as raw) s
5 668 M
(      data."A" means the single character A, ASCII 65\).) s
5 657 M
(   o  Initial IV server to client: HASH\(K || H || "B" || session_id\)) s
5 646 M
(   o  Encryption key client to server: HASH\(K || H || "C" || session_id\)) s
5 635 M
(   o  Encryption key server to client: HASH\(K || H || "D" || session_id\)) s
5 624 M
(   o  Integrity key client to server: HASH\(K || H || "E" || session_id\)) s
5 613 M
(   o  Integrity key server to client: HASH\(K || H || "F" || session_id\)) s
5 591 M
(   Key data MUST be taken from the beginning of the hash output. 128) s
5 580 M
(   bits \(16 bytes\) MUST be used for algorithms with variable-length) s
5 569 M
(   keys. The o