draft-ietf-secsh-dns-05.txt

bind 9.3结合mysql数据库

Secure Shell Working Group                                   J. Schlyter
Internet-Draft                                                   OpenSSH
Expires: March 5, 2004                                        W. Griffin
                                                                  SPARTA
                                                       September 5, 2003


           Using DNS to Securely Publish SSH Key Fingerprints
                      draft-ietf-secsh-dns-05.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://
   www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 5, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

   This document describes a method to verify SSH host keys using
   DNSSEC. The document defines a new DNS resource record that contains
   a standard SSH key fingerprint.











Schlyter & Griffin       Expires March 5, 2004                  [Page 1]

Internet-Draft          DNS and SSH Fingerprints          September 2003


Table of Contents

   1.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.    SSH Host Key Verification  . . . . . . . . . . . . . . . . .  3
   2.1   Method . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.2   Implementation Notes . . . . . . . . . . . . . . . . . . . .  3
   2.3   Fingerprint Matching . . . . . . . . . . . . . . . . . . . .  4
   2.4   Authentication . . . . . . . . . . . . . . . . . . . . . . .  4
   3.    The SSHFP Resource Record  . . . . . . . . . . . . . . . . .  4
   3.1   The SSHFP RDATA Format . . . . . . . . . . . . . . . . . . .  5
   3.1.1 Algorithm Number Specification . . . . . . . . . . . . . . .  5
   3.1.2 Fingerprint Type Specification . . . . . . . . . . . . . . .  5
   3.1.3 Fingerprint  . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.2   Presentation Format of the SSHFP RR  . . . . . . . . . . . .  6
   4.    Security Considerations  . . . . . . . . . . . . . . . . . .  6
   5.    IANA Considerations  . . . . . . . . . . . . . . . . . . . .  7
         Normative References . . . . . . . . . . . . . . . . . . . .  8
         Informational References . . . . . . . . . . . . . . . . . .  8
         Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  9
   A.    Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  9
         Intellectual Property and Copyright Statements . . . . . . . 10






























Schlyter & Griffin       Expires March 5, 2004                  [Page 2]

Internet-Draft          DNS and SSH Fingerprints          September 2003


1. Introduction

   The SSH [6] protocol provides secure remote login and other secure
   network services over an insecure network.  The security of the
   connection relies on the server authenticating itself to the client
   as well as the user authenticating itself to the server.

   If a connection is established to a server whose public key is not
   already known to the client, a fingerprint of the key is presented to
   the user for verification.  If the user decides that the fingerprint
   is correct and accepts the key, the key is saved locally and used for
   verification for all following connections. While some
   security-conscious users verify the fingerprint out-of-band before
   accepting the key, many users blindly accept the presented key.

   The method described here can provide out-of-band verification by
   looking up a fingerprint of the server public key in the DNS [1][2]
   and using DNSSEC [5] to verify the lookup.

   In order to distribute the fingerprint using DNS, this document
   defines a new DNS resource record, "SSHFP", to carry the fingerprint.

   Basic understanding of the DNS system [1][2] and the DNS security
   extensions [5] is assumed by this document.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [3].

2. SSH Host Key Verification

2.1 Method

   Upon connection to a SSH server, the SSH client MAY look up the SSHFP
   resource record(s) for the host it is connecting to.  If the
   algorithm and fingerprint of the key received from the SSH server
   match the algorithm and fingerprint of one of the SSHFP resource
   record(s) returned from DNS, the client MAY accept the identity of
   the server.

2.2 Implementation Notes

   Client implementors SHOULD provide a configurable policy used to
   select the order of methods used to verify a host key. This document
   defines one method: Fingerprint storage in DNS. Another method
   defined in the SSH Architecture [6] uses local files to store keys
   for comparison. Other methods that could be defined in the future
   might include storing fingerprints in LDAP or other databases. A



Schlyter & Griffin       Expires March 5, 2004                  [Page 3]

Internet-Draft          DNS and SSH Fingerprints          September 2003


   configurable policy will allow administrators to determine which
   methods they want to use and in what order the methods should be
   prioritized. This will allow administrators to determine how much
   trust they want to place in the different methods.

   One specific scenario for having a configurable policy is where
   clients do not use fully qualified host names to connect to servers.
   In this scenario, the implementation SHOULD verify the host key
   against a local database before verifying the key via the fingerprint
   returned from DNS. This would help prevent an attacker from injecting
   a DNS search path into the local resolver and forcing the client to
   connect to a different host.

2.3 Fingerprint Matching

   The public key and the SSHFP resource record are matched together by
   comparing algorithm number and fingerprint.

      The public key algorithm and the SSHFP algorithm number MUST
      match.

      A message digest of the public key, using the message digest
      algorithm specified in the SSHFP fingerprint type, MUST match the
      SSHFP fingerprint.


2.4 Authentication

   A public key verified using this method MUST NOT be trusted if the
   SSHFP resource record (RR) used for verification was not
   authenticated by a trusted SIG RR.

   Clients that do validate the DNSSEC signatures themselves SHOULD use
   standard DNSSEC validation procedures.

   Clients that do not validate the DNSSEC signatures themselves MUST
   use a secure transport, e.g. TSIG [9], SIG(0) [10] or IPsec [8],
   between themselves and the entity performing the signature
   validation.

3. The SSHFP Resource Record

   The SSHFP resource record (RR) is used to store a fingerprint of a
   SSH public host key that is associated with a Domain Name System
   (DNS) name.

   The RR type code for the SSHFP RR is TBA.




Schlyter & Griffin       Expires March 5, 2004                  [Page 4]

Internet-Draft          DNS and SSH Fingerprints          September 2003


3.1 The SSHFP RDATA Format

   The RDATA for a SSHFP RR consists of an algorithm number, fingerprint
   type and the fingerprint of the public host key.

         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |   algorithm   |    fp type    |                               /
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               /
         /                                                               /
         /                          fingerprint                          /
         /                                                               /
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


3.1.1 Algorithm Number Specification

   This algorithm number octet describes the algorithm of the public
   key.  The following values are assigned:

          Value    Algorithm name
          -----    --------------
          0        reserved
          1        RSA
          2        DSS

   Reserving other types requires IETF consensus [4].

3.1.2 Fingerprint Type Specification

   The fingerprint type octet describes the message-digest algorithm
   used to calculate the fingerprint of the public key.  The following
   values are assigned:

          Value    Fingerprint type
          -----    ----------------
          0        reserved
          1        SHA-1

   Reserving other types requires IETF consensus [4].

   For interoperability reasons, as few fingerprint types as possible
   should be reserved.  The only reason to reserve additional types is
   to increase security.

3.1.3 Fingerprint




Schlyter & Griffin       Expires March 5, 2004                  [Page 5]

Internet-Draft          DNS and SSH Fingerprints          September 2003


   The fingerprint is calculated over the public key blob as described
   in [7].

   The message-digest algorithm is presumed to produce an opaque octet
   string output which is placed as-is in the RDATA fingerprint field.

3.2 Presentation Format of the SSHFP RR

   The RDATA of the presentation format of the SSHFP resource record
   consists of two numbers (algorithm and fingerprint type) followed by
   the fingerprint itself presented in hex, e.g:

         host.example.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890

   The use of mnemonics instead of numbers is not allowed.

4. Security Considerations

   Currently, the amount of trust a user can realistically place in a
   server key is proportional to the amount of attention paid to
   verifying that the public key presented actually corresponds to the
   private key of the server. If a user accepts a key without verifying
   the fingerprint with something learned through a secured channel, the
   connection is vulnerable to a man-in-the-middle attack.

   The overall security of using SSHFP for SSH host key verification is
   dependent on the security policies of the SSH host administrator and