draft-ietf-secsh-architecture-15.2.ps

OTP是开放电信平台的简称

(      Represents a 32-bit unsigned integer.  Stored as four bytes in the) s
5 283 M
(      order of decreasing significance \(network byte order\). For) s
5 272 M
(      example, the value 699921578 \(0x29b7f4aa\) is stored as 29 b7 f4) s
5 261 M
(      aa.) s
5 239 M
(   uint64) s
5 217 M
(      Represents a 64-bit unsigned integer.  Stored as eight bytes in) s
5 206 M
(      the order of decreasing significance \(network byte order\).) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                 [Page 8]) s
_R
S
PStoPSsaved restore
%%Page: (8,9) 5
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 9 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(   string) s
5 668 M
(      Arbitrary length binary string.  Strings are allowed to contain) s
5 657 M
(      arbitrary binary data, including null characters and 8-bit) s
5 646 M
(      characters. They are stored as a uint32 containing its length) s
5 635 M
(      \(number of bytes that follow\) and zero \(= empty string\) or more) s
5 624 M
(      bytes that are the value of the string.  Terminating null) s
5 613 M
(      characters are not used.) s
5 591 M
(      Strings are also used to store text.  In that case, US-ASCII is) s
5 580 M
(      used for internal names, and ISO-10646 UTF-8 for text that might) s
5 569 M
(      be displayed to the user. The terminating null character SHOULD) s
5 558 M
(      NOT normally be stored in the string.) s
5 536 M
(      For example, the US-ASCII string "testing" is represented as 00 00) s
5 525 M
(      00 07 t e s t i n g. The UTF8 mapping does not alter the encoding) s
5 514 M
(      of US-ASCII characters.) s
5 492 M
(   mpint) s
5 470 M
(      Represents multiple precision integers in two's complement format,) s
5 459 M
(      stored as a string, 8 bits per byte, MSB first. Negative numbers) s
5 448 M
(      have the value 1 as the most significant bit of the first byte of) s
5 437 M
(      the data partition. If the most significant bit would be set for a) s
5 426 M
(      positive number, the number MUST be preceded by a zero byte.) s
5 415 M
(      Unnecessary leading bytes with the value 0 or 255 MUST NOT be) s
5 404 M
(      included.  The value zero MUST be stored as a string with zero) s
5 393 M
(      bytes of data.) s
5 371 M
(      By convention, a number that is used in modular computations in) s
5 360 M
(      Z_n SHOULD be represented in the range 0 <= x < n.) s
5 338 M
(       Examples:) s
5 327 M
(       value \(hex\)        representation \(hex\)) s
5 316 M
(       ---------------------------------------------------------------) s
5 305 M
(       0                  00 00 00 00) s
5 294 M
(       9a378f9b2e332a7    00 00 00 08 09 a3 78 f9 b2 e3 32 a7) s
5 283 M
(       80                 00 00 00 02 00 80) s
5 272 M
(       -1234              00 00 00 02 ed cc) s
5 261 M
(       -deadbeef          00 00 00 05 ff 21 52 41 11) s
5 217 M
(   name-list) s
5 195 M
(      A string containing a comma separated list of names. A name list) s
5 184 M
(      is represented as a uint32 containing its length \(number of bytes) s
5 173 M
(      that follow\) followed by a comma-separated list of zero or more) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                 [Page 9]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 10 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(      names. A name MUST be non-zero length, and it MUST NOT contain a) s
5 679 M
(      comma \(','\). Context may impose additional restrictions on the) s
5 668 M
(      names; for example, the names in a list may have to be valid) s
5 657 M
(      algorithm identifier \(see Algorithm Naming below\), or [RFC-3066]) s
5 646 M
(      language tags. The order of the names in a list may or may not be) s
5 635 M
(      significant, also depending on the context where the list is is) s
5 624 M
(      used. Terminating NUL characters are not used, neither for the) s
5 613 M
(      individual names, nor for the list as a whole.) s
5 591 M
(       Examples:) s
5 580 M
(       value              representation \(hex\)) s
5 569 M
(       ---------------------------------------) s
5 558 M
(       \(\), the empty list 00 00 00 00) s
5 547 M
(       \("zlib"\)           00 00 00 04 7a 6c 69 62) s
5 536 M
(       \("zlib", "none"\)   00 00 00 09 7a 6c 69 62 2c 6e 6f 6e 65) s
5 481 M
(6. Algorithm Naming) s
5 459 M
(   The SSH protocols refer to particular hash, encryption, integrity,) s
5 448 M
(   compression, and key exchange algorithms or protocols by names.) s
5 437 M
(   There are some standard algorithms that all implementations MUST) s
5 426 M
(   support. There are also algorithms that are defined in the protocol) s
5 415 M
(   specification but are OPTIONAL.  Furthermore, it is expected that) s
5 404 M
(   some organizations will want to use their own algorithms.) s
5 382 M
(   In this protocol, all algorithm identifiers MUST be printable) s
5 371 M
(   US-ASCII non-empty strings no longer than 64 characters. Names MUST) s
5 360 M
(   be case-sensitive.) s
5 338 M
(   There are two formats for algorithm names:) s
5 327 M
(   o  Names that do not contain an at-sign \(@\) are reserved to be) s
5 316 M
(      assigned by IETF consensus \(RFCs\).  Examples include `3des-cbc',) s
5 305 M
(      `sha-1', `hmac-sha1', and `zlib' \(the quotes are not part of the) s
5 294 M
(      name\).  Names of this format MUST NOT be used without first) s
5 283 M
(      registering them.  Registered names MUST NOT contain an at-sign) s
5 272 M
(      \(@\) or a comma \(,\).) s
5 261 M
(   o  Anyone can define additional algorithms by using names in the) s
5 250 M
(      format name@domainname, e.g. "ourcipher-cbc@example.com". The) s
5 239 M
(      format of the part preceding the at sign is not specified; it MUST) s
5 228 M
(      consist of US-ASCII characters except at-sign and comma. The part) s
5 217 M
(      following the at-sign MUST be a valid fully qualified internet) s
5 206 M
(      domain name [RFC-1034] controlled by the person or organization) s
5 195 M
(      defining the name. It is up to each domain how it manages its) s
5 184 M
(      local namespace.) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                [Page 10]) s
_R
S
PStoPSsaved restore
%%Page: (10,11) 6
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 11 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(7. Message Numbers) s
5 668 M
(   SSH packets have message numbers in the range 1 to 255. These numbers) s
5 657 M
(   have been allocated as follows:) s
5 624 M
(     Transport layer protocol:) s
5 602 M
(       1 to 19    Transport layer generic \(e.g. disconnect, ignore, debug,) s
5 591 M
(                  etc.\)) s
5 580 M
(       20 to 29   Algorithm negotiation) s
5 569 M
(       30 to 49   Key exchange method specific \(numbers can be reused for) s
5 558 M
(                  different authentication methods\)) s
5 536 M
(     User authentication protocol:) s
5 514 M
(       50 to 59   User authentication generic) s
5 503 M
(       60 to 79   User authentication method specific \(numbers can be) s
5 492 M
(                  reused for different authentication methods\)) s
5 470 M
(     Connection protocol:) s
5 448 M
(       80 to 89   Connection protocol generic) s
5 437 M
(       90 to 127  Channel related messages) s
5 415 M
(     Reserved for client protocols:) s
5 393 M
(       128 to 191 Reserved) s
5 371 M
(     Local extensions:) s
5 349 M
(       192 to 255 Local extensions) s
5 305 M
(8. IANA Considerations) s
5 283 M
(   The initial state of the IANA registry is detailed in [SSH-NUMBERS].) s
5 261 M
(   Allocation of the following types of names in the SSH protocols is) s
5 250 M
(   assigned by IETF consensus:) s
5 239 M
(   o  SSH encryption algorithm names,) s
5 228 M
(   o  SSH MAC algorithm names,) s
5 217 M
(   o  SSH public key algorithm names \(public key algorithm also implies) s
5 206 M
(      encoding and signature/encryption capability\),) s
5 195 M
(   o  SSH key exchange method names, and) s
5 184 M
(   o  SSH protocol \(service\) names.) s
5 129 M
(Ylonen & Moffat          Expires March 31, 2004                [Page 11]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 12 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft         SSH Protocol Architecture                Oct 2003) s
5 690 M
(   These names MUST be printable US-ASCII strings, and MUST NOT contain) s
5 679 M
(   the characters at-sign \('@'\), comma \(','\), or whitespace or control) s
5 668 M
(   characters \(ASCII codes 32 or less\).  Names are case-sensitive, and) s
5 657 M
(   MUST NOT be longer than 64 characters.) s
5 635 M
(   Names with the at-sign \('@'\) in them are allocated by the owner of) s
5 624 M
(   DNS name after the at-sign \(hierarchical allocation in [RFC-2343]\),) s
5 613 M
(   otherwise the same restrictions as above.) s
5 591 M
(   Each category of names listed above has a separate namespace.) s
5 580 M
(   However, using the same name in multiple categories SHOULD be avoided) s
5 569 M
(   to minimize confusion.) s
5 547 M
(   Message numbers \(see Section Message Numbers \(Section 7\)\) in the) s
5 536 M
(   range of 0..191 are allocated via IETF consensus; message numbers in) s
5 525 M
(   the 192..255 range \(the "Local extensions" set\) are reserved for) s
5 514 M
(   private use.) s
5 492 M
(9. Security Considerations) s
5 470 M
(   In order to make the entire body of Security Considerations more) s
5 459 M
(   accessible, Security Considerations for the transport,) s
5 448 M
(   authentication, and connection documents have been gathered here.) s
5 426 M
(   The transport protocol [1] provides a confidential channel over an) s
5 415 M
(   insecure network.  It performs server host authentication, key) s
5 404 M
(   exchange, encryption, and integrity protection.  It also derives a) s
5 393 M
(   unique session id that may be used by higher-level protocols.) s
5 371 M
(   The authentication protocol [2] provides a suite of mechanisms which) s
5 360 M
(   can be used to authenticate the client user to the server.) s
5 349 M
(   Individual mechanisms specified in the in authentication protocol use) s
5 338 M
(   the session id provided by the transport protocol and/or depend on) s
5 327 M
(   the security and integrity guarantees of the transport protocol.) s
5 305 M
(   The connection protocol [3] specifies a mechanism to multiplex) s
5 294 M
(   multiple streams [channels] of data over the confidential and) s
5 283 M
(   authenticated transport. It also specifies channels for accessing an) s
5 272 M
(   interactive shell, for 'proxy-forwarding' various external protocols) s
5 261 M
(   over the secure transport \(including arbitrary TCP/IP protocols\), and) s
5 250 M
(   for accessing secure 'subsystems' on the server host.) s
5 228 M
(9.1 Pseudo-Random Number Generation) s
5 206 M
(   This protocol binds each session key to the session by including) s
5 195 M
(   random, session specific data in the hash used to produce session) s
5 184 M
(   keys.  Special care should be taken to ensure that all of the random) s
5 173 M
(   numbers are of good quality.  If the random data here \(e.g., DH) s