**Session Date/Time:** 06 Nov 2025 16:30 # SSHM ## Summary The SSHM working group met to review the status of its current drafts and discuss potential future work. Two drafts, NTRU Prime and SSH Agent, are in the final stages of the IETF publication process. A working group last call was closed for MLCAM-hybrid, and a decision was made to publish it as an Informational RFC. Another working group last call will be initiated for ChaCha20-Poly1305. The Strict Key Exchange draft requires updates to its security considerations based on new findings. Discussions were held on non-adopted drafts, including potential calls for adoption for SSH Host Key Update and SSH Certificate, and future work on SSH signature schemes. ## Key Discussion Points * **NTRU Prime (RFC Editor Queue):** The draft is currently with the RFC Editor, undergoing final review for publication within the next few weeks. * **SSH Agent Protocol (IETF Last Call):** * The draft is in IETF Last Call. Comments have been received from Tiro and potentially others. * Damien (principal author) has resolved all comments he is aware of, including IANA requests, and is prepared to push a new draft. * The SEC AD, Deb Cooley, noted that the draft may wait for additional review comments before being scheduled for an IESG telechat (likely after the November 20th telechat). * **MLCAM-hybrid (Working Group Last Call):** * The working group last call for this draft is closing at the end of the current week. * The IANA considerations are to specify "should." * A key question was whether the draft should be Informational or Standards Track. A sense of those present indicated that aligning it with NTRU Prime (Informational) was preferred, and the authors had no objection. * A previously suggested change to the CAM combiner by Simon was not broadly supported by the working group. * **ChaCha20-Poly1305 (Proposed Working Group Last Call):** * Damien (author) reported no outstanding comments he was aware of, with Simon primarily driving its progress. * A poll of the room indicated four individuals had read the draft, and it is expected to be non-controversial. * **Strict Key Exchange (Needs Author Update):** * Damien (author) identified that the description of the motivating Terrapin attack is incomplete, with researchers identifying additional applicable situations. * The guidance for implementations (currently recommending ChaCha-Poly) needs to be broadened in the draft. * Sabrina from IANA had provided feedback requesting "okay to implement" values. * The "should" versus "must" decision for strict-kex is expected to be clarified once Damien completes the text updates. * **Non-Adopted Drafts - General Discussion:** * **SSH Host Key Update & SSH Certificate (Damien's work):** Damien reported little feedback on either draft. He feels they are ready for adoption, but require more community testing and feedback. * **Pre-authentication Concepts (Bob Beck):** Bob Beck characterized this draft as proposing "proof of work before connection." There was a discussion about whether it documents existing practice or represents an innovation, with the latter being the general sense, making it less suitable for adoption under the current charter. * **SFTP Documentation (Taro, Florian):** * Taro reported no progress on documenting the "other flavor" of SFTP. * Discussion on whether to have one combined draft or separate drafts for SFTP versions (e.g., v3 and v6). Taro argued for a single document, citing significant overlap and v6 being an extension of v3, to avoid duplication. Rich Salls recalled a prior decision for two separate documents to allow independent progress. * Taro indicated he could make progress with a reminder, noting existing drafts might need cleanup of field names. * **Simon's Category (e.g., SSH-MLDSA, MLD, CNSA):** * The chairs noted these drafts document existing practice or propose new mechanisms, and are not prioritized for immediate processing under the current charter's "broad agreement" focus. * Damien expressed an appetite for a post-quantum signature scheme in SSH but preferred waiting for outcomes from other working groups (e.g., Lamps) on hybrid/combiner schemes. He supported an adoption call for a pure SSH-MLDSA. * Deb Cooley provided an update from Lamps, noting MLDSA is RFC 8991, and hybrid/composite signatures are in IESG processing. She also highlighted the complexity of SSH signatures being used for both authentication and other purposes (e.g., Git commits). * DKG confirmed that SSH key usage is domain-separated. * A poll of the room indicated a strong sense that discussing new signature types in the new year was "not crazy." * **CNSA:** Rebecca and Elliot (ISE) confirmed that the CNSA draft is planned for the Independent Submissions stream and encouraged reviews to rfc-ise@rfc-editor.org. ## Decisions and Action Items * **Decision:** The MLCAM-hybrid draft will be processed as an Informational RFC. Authors will be asked to make this change. * **Decision:** A Working Group Last Call will be initiated for the ChaCha20-Poly1305 draft soon. * **Action Item:** Chairs to kick off the WGLC for ChaCha20-Poly1305 using the Datatracker after the meeting. * **Action Item:** Damien to update the Strict Key Exchange draft within approximately one week to incorporate new findings on the Terrapin attack and broaden implementation guidance. * **Action Item:** Reviewers who have read the Strict Key Exchange draft (and others) are encouraged to provide feedback on the updated draft to the mailing list within a week or so of its upload. ## Next Steps * The topic of new signature types for SSH, including the possibility of adoption calls for pure SSH-MLDSA and other post-quantum signature schemes, will be discussed in the new year to assess broad implementer interest and align with the working group's charter. * Chairs will issue Calls for Adoption for Damien's SSH Host Key Update and SSH Certificate drafts once the Strict Key Exchange draft has progressed. Damien will formally request these calls via email to the chairs. * Chairs will follow up with Taro and Florian regarding progress on the SFTP documentation by December.