| draft-ietf-secsh-transport-06.txt | draft-ietf-secsh-transport-07.txt | |||
|---|---|---|---|---|
| Network Working Group T. Ylonen | Network Working Group T. Ylonen | |||
| INTERNET-DRAFT T. Kivinen | INTERNET-DRAFT T. Kivinen | |||
| draft-ietf-secsh-transport-06.txt M. Saarinen | draft-ietf-secsh-transport-07.txt M. Saarinen | |||
| Expires in six months T. Rinne | Expires in six months T. Rinne | |||
| S. Lehtinen | S. Lehtinen | |||
| SSH | SSH Communications Security | |||
| 22 June 1999 | 11 May 2000 | |||
| SSH Transport Layer Protocol | SSH Transport Layer Protocol | |||
| Status of This Memo | Status of This memo | |||
| This document is an Internet-Draft and is in full conformance | This document is an Internet-Draft and is in full conformance | |||
| with all provisions of Section 10 of RFC2026. | with all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as | other groups may also distribute working documents as | |||
| Internet-Drafts. | Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six | Internet-Drafts are draft documents valid for a maximum of six | |||
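Review bot: The heading on the -07 side now reads "Status of This memo", which is inconsistently capitalised within the heading itself and against the draft's other title-cased headings such as "Ignored Data Message" and "Trademark Issues". Keep "Status of This Memo" as in -06.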
| skipping to change at page 17, line 46 ¶ | skipping to change at page 17, line 46 ¶ | |||
| The sender MUST NOT send or receive any data after this message, and the | The sender MUST NOT send or receive any data after this message, and the | |||
| recipient MUST NOT accept any data after receiving this message. The | recipient MUST NOT accept any data after receiving this message. The | |||
| description field gives a more specific explanation in a human-readable | description field gives a more specific explanation in a human-readable | |||
| form. The error code gives the reason in a more machine-readable format | form. The error code gives the reason in a more machine-readable format | |||
| (suitable for localization), and can have the following values: | (suitable for localization), and can have the following values: | |||
| #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 | #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 | |||
| #define SSH_DISCONNECT_PROTOCOL_ERROR 2 | #define SSH_DISCONNECT_PROTOCOL_ERROR 2 | |||
| #define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3 | #define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3 | |||
| #define SSH_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 | #define SSH_DISCONNECT_RESERVED 4 | |||
| #define SSH_DISCONNECT_MAC_ERROR 5 | #define SSH_DISCONNECT_MAC_ERROR 5 | |||
| #define SSH_DISCONNECT_COMPRESSION_ERROR 6 | #define SSH_DISCONNECT_COMPRESSION_ERROR 6 | |||
| #define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7 | #define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7 | |||
| #define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 | #define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 | |||
| #define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 | #define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 | |||
| #define SSH_DISCONNECT_CONNECTION_LOST 10 | #define SSH_DISCONNECT_CONNECTION_LOST 10 | |||
| #define SSH_DISCONNECT_BY_APPLICATION 11 | #define SSH_DISCONNECT_BY_APPLICATION 11 | |||
| #define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12 | ||||
| #define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13 | ||||
| #define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 | ||||
| #define SSH_DISCONNECT_ILLEGAL_USER_NAME 15 | ||||
| If the description string is displayed, control character filtering | If the description string is displayed, control character filtering | |||
| discussed in [SSH-ARCH] should be used to avoid attacks by sending | discussed in [SSH-ARCH] should be used to avoid attacks by sending | |||
| terminal control characters. | terminal control characters. | |||
| 9.2. Ignored Data Message | 9.2. Ignored Data Message | |||
| byte SSH_MSG_IGNORE | byte SSH_MSG_IGNORE | |||
| string data | string data | |||
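Review bot: In the reason-code list, value 4 is renamed from SSH_DISCONNECT_HOST_AUTHENTICATION_FAILED to SSH_DISCONNECT_RESERVED and values 12 to 15 are added, but the surrounding text does not say what a recipient should do with a code it does not recognise or with the now-reserved 4. A peer built to -06 can still send 4 and will see 12 to 15 as unknown values, so add a sentence stating that new implementations do not send 4 and that reserved or unrecognised codes are handled as a generic disconnect, with the description string still passed through the [SSH-ARCH] control character filtering before it is displayed.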
| skipping to change at page 19, line 41 ¶ | skipping to change at page 19, line 45 ¶ | |||
| The protocol was not designed to eliminate covert channels. For | The protocol was not designed to eliminate covert channels. For | |||
| example, the padding, SSH_MSG_IGNORE messages, and several other places | example, the padding, SSH_MSG_IGNORE messages, and several other places | |||
| in the protocol can be used to pass covert information, and the | in the protocol can be used to pass covert information, and the | |||
| recipient has no reliable way to verify whether such information is | recipient has no reliable way to verify whether such information is | |||
| being sent. | being sent. | |||
| 12. Trademark Issues | 12. Trademark Issues | |||
| SSH is a registered trademark and Secure Shell is a trademark of SSH | SSH is a registered trademark and Secure Shell is a trademark of SSH | |||
| Communications Security Ltd. SSH Communications Security Ltd permits | Communications Security Corp. SSH Communications Security Corp permits | |||
| the use of these trademarks as the name of this standard and protocol, | the use of these trademarks as the name of this standard and protocol, | |||
| and permits their use to describe that a product conforms to this | and permits their use to describe that a product conforms to this | |||
| standard, provided that the following acknowledgement is included | standard, provided that the following acknowledgement is included where | |||
| where the trademarks are used: ``SSH is a registered trademark and | the trademarks are used: ``SSH is a registered trademark and Secure | |||
| Secure Shell is a trademark of SSH Communications Security Ltd | Shell is a trademark of SSH Communications Security Corp | |||
| (www.ssh.fi)''. These trademarks may not be used as part of a product | (www.ssh.com)''. These trademarks may not be used as part of a product | |||
| name or in otherwise confusing manner without prior written permission | name or in otherwise confusing manner without prior written permission | |||
| of SSH Communications Security Ltd. | of SSH Communications Security Corp. | |||
| 13. References | 13. References | |||
| [FIPS-186] Federal Information Processing Standards Publication (FIPS | [FIPS-186] Federal Information Processing Standards Publication (FIPS | |||
| PUB) 186, Digital Signature Standard, 18 May 1994. | PUB) 186, Digital Signature Standard, 18 May 1994. | |||
| [Orm96] Orman, H., "The Oakley Key Determination Protocol", version 1, | [Orm96] Orman, H., "The Oakley Key Determination Protocol", version 1, | |||
| TR97-92, Department of Computer Science Technical Report, University of | TR97-92, Department of Computer Science Technical Report, University of | |||
| Arizona. | Arizona. | |||
| [PKIX-Part1] Housley, R., et al, "Internet X.509 Public Key | [PKIX-Part1] Housley, R., et al, "Internet X.509 Public Key | |||
| Infrastructure, Certificate and CRL Profile", Internet Draft, draft- | Infrastructure, Certificate and CRL Profile", Internet Draft, draft- | |||
| ietf-pkix-ipki-part1-11.txt | ietf-pkix-ipki-part1-11.txt | |||
| skipping to change at page 20, line 40 ¶ | skipping to change at page 20, line 44 ¶ | |||
| [RFC-2144] Adams, C., "The CAST-128 Encryption Algorithm", May 1997. | [RFC-2144] Adams, C., "The CAST-128 Encryption Algorithm", May 1997. | |||
| [RFC-2440] Callas, J., et al, "OpenPGP Message Format", November 1998. | [RFC-2440] Callas, J., et al, "OpenPGP Message Format", November 1998. | |||
| [Schneier] Schneier, B., "Applied Cryptography Second Edition: | [Schneier] Schneier, B., "Applied Cryptography Second Edition: | |||
| protocols, algorithms, and source code in C", 2nd edition, John Wiley & | protocols, algorithms, and source code in C", 2nd edition, John Wiley & | |||
| Sons, New York, NY, 1996. | Sons, New York, NY, 1996. | |||
| [SSH-ARCH] Ylonen, T., et al, "SSH Protocol Architecture", Internet | [SSH-ARCH] Ylonen, T., et al, "SSH Protocol Architecture", Internet | |||
| Draft, draft-ietf-secsh-architecture-04.txt | Draft, draft-ietf-secsh-architecture-05.txt | |||
| [SSH-USERAUTH] Ylonen, T., et al, "SSH Authentication Protocol", | [SSH-USERAUTH] Ylonen, T., et al, "SSH Authentication Protocol", | |||
| Internet Draft, draft-ietf-secsh-userauth-06.txt | Internet Draft, draft-ietf-secsh-userauth-07.txt | |||
| [SSH-CONNECT] Ylonen, T., et al, "SSH Connection Protocol", Internet | [SSH-CONNECT] Ylonen, T., et al, "SSH Connection Protocol", Internet | |||
| Draft, draft-ietf-secsh-connect-06.txt | Draft, draft-ietf-secsh-connect-07.txt | |||
| 14. Authors' Addresses | 14. Authors' Addresses | |||
| Tatu Ylonen | Tatu Ylonen | |||
| SSH Communications Security Ltd. | SSH Communications Security Corp | |||
| Tekniikantie 12 | Fredrikinkatu 42 | |||
| FIN-02150 ESPOO | FIN-00100 HELSINKI | |||
| Finland | Finland | |||
| E-mail: ylo@ssh.fi | E-mail: ylo@ssh.com | |||
| Tero Kivinen | Tero Kivinen | |||
| SSH Communications Security Ltd. | SSH Communications Security Corp | |||
| Tekniikantie 12 | Fredrikinkatu 42 | |||
| FIN-02150 ESPOO | FIN-00100 HELSINKI | |||
| Finland | Finland | |||
| E-mail: kivinen@ssh.fi | E-mail: kivinen@ssh.com | |||
| Markku-Juhani O. Saarinen | Markku-Juhani O. Saarinen | |||
| SSH Communications Security Ltd. | University of Jyvaskyla | |||
| Tekniikantie 12 | ||||
| FIN-02150 ESPOO | ||||
| Finland | ||||
| E-mail: mjos@ssh.fi | ||||
| Timo J. Rinne | Timo J. Rinne | |||
| SSH Communications Security Ltd. | SSH Communications Security Corp | |||
| Tekniikantie 12 | Fredrikinkatu 42 | |||
| FIN-02150 ESPOO | FIN-00100 HELSINKI | |||
| Finland | Finland | |||
| E-mail: tri@ssh.fi | E-mail: tri@ssh.com | |||
| Sami Lehtinen | Sami Lehtinen | |||
| SSH Communications Security Ltd. | SSH Communications Security Corp | |||
| Tekniikantie 12 | Fredrikinkatu 42 | |||
| FIN-02150 ESPOO | FIN-00100 HELSINKI | |||
| Finland | Finland | |||
| E-mail: sjl@ssh.fi | E-mail: sjl@ssh.com | |||
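Review bot: The entry for Markku-Juhani O. Saarinen now gives only "University of Jyvaskyla"; the postal address and E-mail lines are removed with nothing put in their place, so this author has no contact details while the other four entries keep a full address and e-mail. Add a current e-mail address to this entry, or state that correspondence for this author goes through one of the others.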
| End of changes. 21 change blocks. | ||||
| 35 lines changed or deleted | 35 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/