The IESG has approved the following document:
- 'Secure Shell (SSH) Key Exchange Method Using Hybrid Streamlined NTRU
   Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512'
  (draft-ietf-sshm-ntruprime-ssh-06.txt) as Informational RFC

This document is the product of the Secure Shell Maintenance Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sshm-ntruprime-ssh/

Technical Summary

   This document describes a widely deployed hybrid key exchange method
   in the Secure Shell (SSH) protocol that is based on Streamlined NTRU
   Prime sntrup761 and X25519 with SHA-512. It specifies a mechanism to
   protect against potential "record-now-decrypt-later" attacks from the
   future invention of a cryptographically relevant quantum computer
   (CRQC).

Working Group Summary

   The SSHM working group was recently re-opened after a long hiatus with
   the agreement to bring the protocol RFCs up to a current state. It has
   been a difficult start, but there have been some good interactions.

   For this draft there was both controversy and an appeal to the
   responsible AD: This specific mechanism is based on an algorithm
   (NTRU Prime) that has not been selected as a "winner" in the NIST
   post-quantum competition. It should be noted that NTRU Prime has a
   fairly long history in the cryptographic community and has been widely
   deployed for at least 5 years in SSH products. The SSHM WG has other
   drafts in the pipeline to handle NIST "winners", but how to signal IETF
   or WG preferences in this space is inherently tricky.

   The controversy was about the intended RFC status (Informational) and
   the state of the algorithm in the registry (SHOULD). In the end,
   'rough consensus' was reached.

Document Quality

   It is widely implemented and has been the default KEX in OpenSSH for
   about 5 years. Many SSH implementations already implement it.

   There was an invalid IPR disclosure made, which has been removed. The
   artifacts are still there, but it is not a valid IPR disclosure.

   There are no YANG modules, Media Type registrations, or other expert
   reviews required.

Personnel

   The Document Shepherd for this document is Job Snijders.
   The Responsible Area Director is Deb Cooley.
