Secure Shell Maintenance (sshm)
| WG | Name | Secure Shell Maintenance | |
|---|---|---|---|
| Acronym | sshm | ||
| Area | Security Area (sec) | ||
| State | Active | ||
| Charter | charter-ietf-sshm-01 Approved | ||
| Document dependencies | |||
| Personnel | Chairs | Job Snijders, Stephen Farrell | |
| Area Director | Deb Cooley | ||
| Mailing list | Address | ssh@ietf.org | |
| To subscribe | https://mailman3.ietf.org/mailman3/lists/ssh.ietf.org/ | ||
| Archive | https://mailarchive.ietf.org/arch/browse/ssh/ | ||
| Chat | Room address | https://zulip.ietf.org/#narrow/stream/sshm |
Charter for Working Group
The main goal of the working group is to maintain the Secure Shell (SSH) protocol. SSH provides support for secure remote login, file transfer, and forwarding UNIX-domain sockets, TCP/IP and X11. It can automatically encrypt, authenticate, and compress transmitted data.
The SSHM working group facilitates discussion of clarifications, improvements, and extensions to the SSH protocol.
The initial goals of this working group are:
-
to update the RFCs documenting SSH to reflect what is implemented and deployed in practice. In particular, the working group will document the OpenSSH certificate structure, the SSH agent protocol, and SFTP, as they are currently implemented.
-
to update and maintain the list of cryptographic algorithms used by SSH. This includes documenting currently deployed algorithms, deprecating unsafe algorithms, selecting new algorithms, and determining the set of recommended and mandatory-to-implement algorithms. Updating IANA SSH registries and changing their registration policies is in scope.
While the development of formal verification proofs is out of scope, this working group can respond to emerging proofs, and to security issues found by formal verification tools. This can be done for example by defining new extensions to improve the security of SSH.
This working group will strive for strong security, simplicity, and ease of implementation. In particular, proposals will only be adopted if there is evidence of significant existing deployment or broad interest in new implementation and deployment. Protocol documents should not be submitted to the IESG for publication before they have at least two demonstrably interoperable implementations.
Out of scope includes:
- defining new certificate types or trust mechanisms;
- defining new transports for SSH;
- designing cryptographic algorithms (but defining how SSH uses cryptographic algorithms is in scope).
Milestones
| Date | Milestone | Associated documents |
|---|---|---|
| Jul 2025 | Issue call for adoption for rfc9519bis draft | |
| Mar 2025 | Issue call for adoption for SSH Agent Protocol draft | |
| Jan 2025 | Issue calls for drafts documenting existing and widely used SSH protocol features | |
| Dec 2024 | Issue call for adoption for sntrup761-x25519 draft | |
| Dec 2024 | Issue call for adoption for chacha20-poly1305 draft |