Secure Shell (secsh)
--------------------

 Charter
 Last Modified: 2005-09-08

 Current Status: Active Working Group

 Chair(s):
     Bill Sommerfeld  <sommerfeld@sun.com>

 Security Area Director(s):
     Russ Housley  <housley@vigilsec.com>
     Sam Hartman  <hartmans-ietf@mit.edu>

 Security Area Advisor:
     Sam Hartman  <hartmans-ietf@mit.edu>

 Mailing Lists: 
     General Discussion: ietf-ssh@netbsd.org
     To Subscribe:       majordomo@netbsd.org
         In Body:        subscribe ietf-ssh
     Archive:            ftp://ftp.ietf.org/ietf-mail-archive/secsh/

Description of Working Group:

The goal of the working group is to update and standardize the popular
SSH protocol. SSH provides support for secure remote login, secure file
transfer, and secure TCP/IP and X11 forwardings. It can automatically
encrypt, authenticate, and compress transmitted data.  The working
group will attempt to assure that the SSH protocol

 o  provides strong security against cryptanalysis and protocol
    attacks,

 o  can work reasonably well without a global key management or
    certificate infrastructure,

 o  can utilize existing certificate infrastructures (e.g., DNSSEC,
    SPKI, X.509) when available,

 o  can be made easy to deploy and take into use,

 o  requires minimum or no manual interaction from users,

 o  is reasonably clean and simple to implement.

The resulting protocol will operate over TCP/IP or other reliable but
insecure transport. It is intended to be implemented at the application
level.

 Goals and Milestones:

   Done         Submit Internet-Draft on SSH-2.0 protocol 

   Done         Decide on Transport Layer protocol at Memphis IETF. 

   Done         Post revised core secsh drafts 

   Done         Submit core drafts to IESG for publication as proposed standard 

   Done         Post extensions drafts for review 

   Done         Start sending extensions drafts to Last Call 

   Done         Publish draft on new crypto modes 

   Done         GSSAPI draft ready for last call 

   Done         Publish draft on X.509v3/pkix support (or subsume into gssapi 
                draft) 

   Done         Publish draft on terminal server support 

   Done         IESG approval of core drafts 

   Aug 2005     Public key subsystem ready for last call

   Done         Publickeyfile ready for last call as Informational

   Sep 2005     URI draft ready for last call

   Oct 2005     File transfer draft ready for last call

   Oct 2005     X.509v3/pkix draft ready for last call

   Nov 2005     Investigate Draft Standard status for secure shell


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jan 2001 Jul 2006   <draft-ietf-secsh-filexfer-13.txt>
                SSH File Transfer Protocol 

Jan 2001 Mar 2006   <draft-ietf-secsh-publickeyfile-13.txt>
                SSH Public Key File Format 

Oct 2003 Oct 2006   <draft-ietf-secsh-publickey-subsystem-08.txt>
                Secure Shell Public-Key Subsystem 

 Request For Comments:

RFC     Stat      Published   Title
------- --------- ----------- ------------------------------------
RFC4250 Standard  Jan 2006    The Secure Shell (SSH) Protocol Assigned Numbers

RFC4256 Standard  Jan 2006    Generic Message Exchange Authentication For The Secure
                              Shell Protocol (SSH)

RFC4255 Standard  Jan 2006    Using DNS to Securely Publish Secure Shell (SSH) Key
                              Fingerprints

RFC4254 Standard  Jan 2006    The Secure Shell (SSH) Connection Protocol

RFC4253 Standard  Jan 2006    The Secure Shell (SSH) Transport Layer Protocol

RFC4252 Standard  Jan 2006    The Secure Shell (SSH) Authentication Protocol

RFC4251 Standard  Jan 2006    The Secure Shell (SSH) Protocol Architecture

RFC4344 Standard  Jan 2006    The Secure Shell (SSH) Transport Layer Encryption Modes

RFC4335 Standard  Jan 2006    Secure Shell (SSH) Session Channel Break Extension

RFC4419 PS        Mar 2006    Diffie-Hellman Group Exchange for the Secure Shell (SSH)
                              Transport Layer Protocol

RFC4462 PS        May 2006    Generic Security Service Application Program Interface
                              (GSS-API) Authentication and Key Exchange for the Secure
                              Shell Protocol