RFC 7076 on P6R's Secure Shell Public Key Subsystem

[rfc-editor]

A new Request for Comments is now available in online RFC libraries.

        
        RFC 7076

        Title:      P6R's Secure Shell Public Key 
                    Subsystem 
        Author:     M. Joseph, J. Susoy
        Status:     Informational
        Stream:     Independent
        Date:       November 2013
        Mailbox:    m...@p6r.com, 
                    j...@p6r.com
        Pages:      11
        Characters: 20430
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-joseph-pkix-p6rsshextension-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc7076.txt

The Secure Shell (SSH) Public Key Subsystem protocol defines a key
distribution protocol that is limited to provisioning an SSH server with a
user's public keys.  This document describes a new protocol that builds on 
the protocol defined in RFC 4819 to allow the provisioning of keys and
certificates to a server using the SSH transport.

The new protocol allows the calling client to organize
keys and certificates in different namespaces on a server.  These
namespaces can be used by the server to allow a client to configure
any application running on the server (e.g., SSH, Key Management
Interoperability Protocol (KMIP), Simple Network Management Protocol (SNMP)).

The new protocol provides a server-independent mechanism for clients
to add public keys, remove public keys, add certificates, remove
certificates, and list the current set of keys and certificates known by
the server by namespace (e.g., list all public keys in the SSH
namespace).

Rights to manage keys and certificates in a particular namespace are
specific and limited to the authorized user and are defined as part of
the server's implementation.  The described protocol is backward
compatible to version 2 defined by RFC 4819.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see 
http://www.rfc-editor.org/search/rfc_search.php
For downloading RFCs, see http://www.rfc-editor.org/rfc.html

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC