Telnet Encryption Specification

["Theodore Y. Ts'o" <tytso at mit.edu>]

Well, after a five year hiatus, I'm trying to get the Telnet Encryption
specifications finally published as RFC's.  It's been too long, and in
the mean time, we have a number of interoperable implementations, so we
should really document the protocol.

For example, the Kerberos V5 telnet authentication/encryption is
implemented in both the the MIT release of Kerberos, as well as in the
Cisco IOS software.  The latter was implemented due to operational
pressures a year or two ago; attackers were targeting high-value assets
in the global Internet infrastructure, and attacking them with TCP
hijacking programs.  This prevented a number of large ISP's from being
able to remotely manage their routers (which is a nice touch if you run
a global Internet backbone :-).  

Up until now, though, unless you count the sources in the MIT Kerberos
V5 1.0 release :-), the protocol that was used was never documented.

I've just sent five documents to the Internet-Drafts directory: a
revised Telnet Authentication Option document (to replace the
experimental-track RFC 1416), a Telnet Encryption Option document, two
DES cipher algorithm documents, and the Kerberos V5 telnet
authentication specification document.  

You can see the drafts by going to this URL:

	http://web.mit.edu/tytso/www/telnet/

Comments can go to me, or if people don't mind my using the old telnet
working group list (after all, these drafts were orginated out of the
telent wg lo these many years ago), to telnet-ietf at bsdi.com.

							- Ted