draft-ietf-secsh-architecture-15.2.ps

OTP是开放电信平台的简称

90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 1 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 701 M
(Network Working Group                                          T. Ylonen) s
5 690 M
(Internet-Draft                          SSH Communications Security Corp) s
5 679 M
(Expires: March 31, 2004                                   D. Moffat, Ed.) s
5 668 M
(                                                   Sun Microsystems, Inc) s
5 657 M
(                                                                Oct 2003) s
5 624 M
(                       SSH Protocol Architecture) s
5 613 M
(                  draft-ietf-secsh-architecture-15.txt) s
5 591 M
(Status of this Memo) s
5 569 M
(   This document is an Internet-Draft and is in full conformance with) s
5 558 M
(   all provisions of Section 10 of RFC2026.) s
5 536 M
(   Internet-Drafts are working documents of the Internet Engineering) s
5 525 M
(   Task Force \(IETF\), its areas, and its working groups. Note that other) s
5 514 M
(   groups may also distribute working documents as Internet-Drafts.) s
5 492 M
(   Internet-Drafts are draft documents valid for a maximum of six months) s
5 481 M
(   and may be updated, replaced, or obsoleted by other documents at any) s
5 470 M
(   time. It is inappropriate to use Internet-Drafts as reference) s
5 459 M
(   material or to cite them other than as "work in progress.") s
5 437 M
(   The list of current Internet-Drafts can be accessed at http://) s
5 426 M
(   www.ietf.org/ietf/1id-abstracts.txt.) s
5 404 M
(   The list of Internet-Draft Shadow Directories can be accessed at) s
5 393 M
(   http://www.ietf.org/shadow.html.) s
5 371 M
(   This Internet-Draft will expire on March 31, 2004.) s
5 349 M
(Copyright Notice) s
5 327 M
(   Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s
5 305 M
(Abstract) s
5 283 M
(   SSH is a protocol for secure remote login and other secure network) s
5 272 M
(   services over an insecure network. This document describes the) s
5 261 M
(   architecture of the SSH protocol, as well as the notation and) s
5 250 M
(   terminology used in SSH protocol documents. It also discusses the SSH) s
5 239 M
(   algorithm naming system that allows local extensions. The SSH) s
5 228 M
(   protocol consists of three major components: The Transport Layer) s
5 217 M
(   Protocol provides server authentication, confidentiality, and) s
5 206 M
(   integrity with perfect forward secrecy. The User Authentication) s
5 195 M
(   Protocol authenticates the client to the server. The Connection) s
5 184 M
(   Protocol multiplexes the encrypted tunnel into several logical) s
5 173 M
(   channels. Details of these protocols are described in separate) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                 [Page 1]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 2 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(   documents.) s
5 668 M
(Table of Contents) s
5 646 M
(   1.    Contributors . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 635 M
(   2.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 624 M
(   3.    Specification of Requirements  . . . . . . . . . . . . . . .  3) s
5 613 M
(   4.    Architecture . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 602 M
(   4.1   Host Keys  . . . . . . . . . . . . . . . . . . . . . . . . .  4) s
5 591 M
(   4.2   Extensibility  . . . . . . . . . . . . . . . . . . . . . . .  5) s
5 580 M
(   4.3   Policy Issues  . . . . . . . . . . . . . . . . . . . . . . .  5) s
5 569 M
(   4.4   Security Properties  . . . . . . . . . . . . . . . . . . . .  6) s
5 558 M
(   4.5   Packet Size and Overhead . . . . . . . . . . . . . . . . . .  6) s
5 547 M
(   4.6   Localization and Character Set Support . . . . . . . . . . .  7) s
5 536 M
(   5.    Data Type Representations Used in the SSH Protocols  . . . .  8) s
5 525 M
(   6.    Algorithm Naming . . . . . . . . . . . . . . . . . . . . . . 10) s
5 514 M
(   7.    Message Numbers  . . . . . . . . . . . . . . . . . . . . . . 11) s
5 503 M
(   8.    IANA Considerations  . . . . . . . . . . . . . . . . . . . . 11) s
5 492 M
(   9.    Security Considerations  . . . . . . . . . . . . . . . . . . 12) s
5 481 M
(   9.1   Pseudo-Random Number Generation  . . . . . . . . . . . . . . 12) s
5 470 M
(   9.2   Transport  . . . . . . . . . . . . . . . . . . . . . . . . . 13) s
5 459 M
(   9.2.1 Confidentiality  . . . . . . . . . . . . . . . . . . . . . . 13) s
5 448 M
(   9.2.2 Data Integrity . . . . . . . . . . . . . . . . . . . . . . . 16) s
5 437 M
(   9.2.3 Replay . . . . . . . . . . . . . . . . . . . . . . . . . . . 16) s
5 426 M
(   9.2.4 Man-in-the-middle  . . . . . . . . . . . . . . . . . . . . . 17) s
5 415 M
(   9.2.5 Denial-of-service  . . . . . . . . . . . . . . . . . . . . . 19) s
5 404 M
(   9.2.6 Covert Channels  . . . . . . . . . . . . . . . . . . . . . . 19) s
5 393 M
(   9.2.7 Forward Secrecy  . . . . . . . . . . . . . . . . . . . . . . 20) s
5 382 M
(   9.3   Authentication Protocol  . . . . . . . . . . . . . . . . . . 20) s
5 371 M
(   9.3.1 Weak Transport . . . . . . . . . . . . . . . . . . . . . . . 21) s
5 360 M
(   9.3.2 Debug messages . . . . . . . . . . . . . . . . . . . . . . . 21) s
5 349 M
(   9.3.3 Local security policy  . . . . . . . . . . . . . . . . . . . 21) s
5 338 M
(   9.3.4 Public key authentication  . . . . . . . . . . . . . . . . . 22) s
5 327 M
(   9.3.5 Password authentication  . . . . . . . . . . . . . . . . . . 22) s
5 316 M
(   9.3.6 Host based authentication  . . . . . . . . . . . . . . . . . 23) s
5 305 M
(   9.4   Connection protocol  . . . . . . . . . . . . . . . . . . . . 23) s
5 294 M
(   9.4.1 End point security . . . . . . . . . . . . . . . . . . . . . 23) s
5 283 M
(   9.4.2 Proxy forwarding . . . . . . . . . . . . . . . . . . . . . . 23) s
5 272 M
(   9.4.3 X11 forwarding . . . . . . . . . . . . . . . . . . . . . . . 24) s
5 261 M
(         Normative References . . . . . . . . . . . . . . . . . . . . 24) s
5 250 M
(         Informative References . . . . . . . . . . . . . . . . . . . 25) s
5 239 M
(         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 27) s
5 228 M
(         Intellectual Property and Copyright Statements . . . . . . . 28) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                 [Page 2]) s
_R
S
PStoPSsaved restore
%%Page: (2,3) 2
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 3 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(1. Contributors) s
5 668 M
(   The major original contributors of this document were: Tatu Ylonen,) s
5 657 M
(   Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s
5 646 M
(   Security Corp\), and Markku-Juhani O. Saarinen \(University of) s
5 635 M
(   Jyvaskyla\)) s
5 613 M
(   The document editor is: Darren.Moffat@Sun.COM.  Comments on this) s
5 602 M
(   internet draft should be sent to the IETF SECSH working group,) s
5 591 M
(   details at: http://ietf.org/html.charters/secsh-charter.html) s
5 569 M
(2. Introduction) s
5 547 M
(   SSH is a protocol for secure remote login and other secure network) s
5 536 M
(   services over an insecure network.  It consists of three major) s
5 525 M
(   components:) s
5 514 M
(   o  The Transport Layer Protocol [SSH-TRANS] provides server) s
5 503 M
(      authentication, confidentiality, and integrity. It may optionally) s
5 492 M
(      also provide compression. The transport layer will typically be) s
5 481 M
(      run over a TCP/IP connection, but might also be used on top of any) s
5 470 M
(      other reliable data stream.) s
5 459 M
(   o  The User Authentication Protocol [SSH-USERAUTH] authenticates the) s
5 448 M
(      client-side user to the server. It runs over the transport layer) s
5 437 M
(      protocol.) s
5 426 M
(   o  The Connection Protocol [SSH-CONNECT] multiplexes the encrypted) s
5 415 M
(      tunnel into several logical channels. It runs over the user) s
5 404 M
(      authentication protocol.) s
5 382 M
(   The client sends a service request once a secure transport layer) s
5 371 M
(   connection has been established. A second service request is sent) s
5 360 M
(   after user authentication is complete. This allows new protocols to) s
5 349 M
(   be defined and coexist with the protocols listed above.) s
5 327 M
(   The connection protocol provides channels that can be used for a wide) s
5 316 M
(   range of purposes. Standard methods are provided for setting up) s
5 305 M
(   secure interactive shell sessions and for forwarding \("tunneling"\)) s
5 294 M
(   arbitrary TCP/IP ports and X11 connections.) s
5 272 M
(3. Specification of Requirements) s
5 250 M
(   All documents related to the SSH protocols shall use the keywords) s
5 239 M
(   "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",) s
5 228 M
(   "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" to describe) s
5 217 M
(   requirements.  They are to be interpreted as described in [RFC2119].) s
5 195 M
(4. Architecture) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                 [Page 3]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 4 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(4.1 Host Keys) s
5 668 M
(   Each server host SHOULD have a host key.  Hosts MAY have multiple) s
5 657 M
(   host keys using multiple different algorithms.  Multiple hosts MAY) s
5 646 M
(   share the same host key. If a host has keys at all, it MUST have at) s
5 635 M
(   least one key using each REQUIRED public key algorithm \(DSS) s
5 624 M
(   [FIPS-186]\).) s
5 602 M
(   The server host key is used during key exchange to verify that the) s
5 591 M
(   client is really talking to the correct server. For this to be) s
5 580 M
(   possible, the client must have a priori knowledge of the server's) s
5 569 M
(   public host key.) s
5 547 M
(   Two different trust models can be used:) s
5 536 M
(   o  The client has a local database that associates each host name \(as) s
5 525 M
(      typed by the user\) with the corresponding public host key.  This) s
5 514 M
(      method requires no centrally administered infrastructure, and no) s
5 503 M
(      third-party coordination.  The downside is that the database of) s
5 492 M
(      name-to-key associations may become burdensome to maintain.) s
5 481 M
(   o  The host name-to-key association is certified by some trusted) s
5 470 M
(      certification authority.  The client only knows the CA root key,) s
5 459 M
(      and can verify the validity of all host keys certified by accepted) s
5 448 M
(      CAs.) s
5 426 M
(      The second alternative eases the maintenance problem, since) s
5 415 M
(      ideally only a single CA key needs to be securely stored on the) s
5 404 M
(      client.  On the other hand, each host key must be appropriately) s
5 393 M
(      certified by a central authority before authorization is possible.) s
5 382 M
(      Also, a lot of trust is placed on the central infrastructure.) s
5 360 M
(   The protocol provides the option that the server name - host key) s
5 349 M
(   association is not checked when connecting to the host for the first) s
5 338 M
(   time. This allows communication without prior communication of host) s
5 327 M
(   keys or certification. The connection still provides protection) s
5 316 M
(   against passive listening; however, it becomes vulnerable to active) s
5 305 M
(   man-in-the-middle attacks. Implementations SHOULD NOT normally allow) s
5 294 M
(   such connections by default, as they pose a potential security) s
5 283 M
(   problem. However, as there is no widely deployed key infrastructure) s
5 272 M
(   available on the Internet yet, this option makes the protocol much) s
5 261 M
(   more usable during the transition time until such an infrastructure) s
5 250 M
(   emerges, while still providing a much higher level of security than) s
5 239 M
(   that offered by older solutions \(e.g. telnet [RFC-854] and rlogin) s
5 228 M
(   [RFC-1282]\).) s
5 206 M
(   Implementations SHOULD try to make the best effort to check host) s
5 195 M
(   keys.  An example of a possible strategy is to only accept a host key) s
5 184 M
(   without checking the first time a host is connected, save the key in) s
5 173 M
(   a local database, and compare against that key on all future) s