| < draft-housley-telnet-auth-keasj-04.txt | draft-housley-telnet-auth-keasj-05.txt > | |||
|---|---|---|---|---|
| Secure TELNET Working Group Russell Housley (SPYRUS) | Secure TELNET Working Group Russell Housley (SPYRUS) | |||
| Todd Horting (SPYRUS) | Todd Horting (SPYRUS) | |||
| Internet-Draft Peter Yee (SPYRUS) | Internet-Draft Peter Yee (SPYRUS) | |||
| August 1999 | April 2000 | |||
| TELNET Authentication Using KEA and SKIPJACK | TELNET Authentication Using KEA and SKIPJACK | |||
| <draft-housley-telnet-auth-keasj-04.txt> | <draft-housley-telnet-auth-keasj-05.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 9, line 24 ¶ | skipping to change at page 9, line 24 ¶ | |||
| PRNG technique. | PRNG technique. | |||
| By linking the enabling of encryption as a side effect of successful | By linking the enabling of encryption as a side effect of successful | |||
| authentication, protection is provided against an active attacker. | authentication, protection is provided against an active attacker. | |||
| If encryption were enabled as a separate negotiation, it would | If encryption were enabled as a separate negotiation, it would | |||
| provide a window of vulnerability from when the authentication | provide a window of vulnerability from when the authentication | |||
| completes, up to and including the negotiation to turn on encryption. | completes, up to and including the negotiation to turn on encryption. | |||
| The only safe way to restart encryption, if it is turned off, is to | The only safe way to restart encryption, if it is turned off, is to | |||
| repeat the entire authentication process. | repeat the entire authentication process. | |||
| 5.0. Acknowledgements | 5. IANA Considerations | |||
| The authentication types KEA_SJ and KEA_SJ_INTEG and their associated | ||||
| suboption valuesare registered with IANA. Any suboption values used | ||||
| to extend the protocol as described in this document must be registered | ||||
| with IANA before use. IANA is instructed not to issue new suboption | ||||
| values without submission of documentation of their use. | ||||
| 6.0. Acknowledgements | ||||
| We would like to thank William Nace for support during implementation | We would like to thank William Nace for support during implementation | |||
| of this specification. | of this specification. | |||
| 6.0. References | 7.0. References | |||
| [1] - Postel, J., Reynolds, J., "TELNET Protocol Specification". | [1] - Postel, J., Reynolds, J., "TELNET Protocol Specification". | |||
| RFC 854. May 1983. | RFC 854. May 1983. | |||
| [2] - T. Ts'o, "TELNET Authentication Option". | [2] - T. Ts'o, "TELNET Authentication Option". | |||
| <draft-tso-telnet-auth-enc-02.txt>, July 1999. | <draft-tso-telnet-auth-enc-02.txt>, July 1999. | |||
| [3] - Secure Hash Standard. FIPS Pub 180-1. April 17, 1995. | [3] - Secure Hash Standard. FIPS Pub 180-1. April 17, 1995. | |||
| [4] - "SKIPJACK and KEA Algorithm Specification", Version 2.0, | [4] - "SKIPJACK and KEA Algorithm Specification", Version 2.0, | |||
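Review bot: The new heading in -05 reads "5. IANA Considerations" while the other headings in this hunk keep the "N.0." form ("6.0. Acknowledgements", "7.0. References"), so it should be "5.0. IANA Considerations". In the added paragraph, "suboption valuesare registered" is missing a space. The paragraph also states that KEA_SJ, KEA_SJ_INTEG and their suboption values are registered without listing the values or pointing to the section that defines them; a cross-reference there would let IANA and implementers check the registration against the protocol text.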
| skipping to change at page 10, line 16 ¶ | skipping to change at page 10, line 20 ¶ | |||
| Infrastructure - Representation of Key Exchange Algorithm (KEA) | Infrastructure - Representation of Key Exchange Algorithm (KEA) | |||
| Keys in Internet X.509 Public Key Infrastructure Cerificates", | Keys in Internet X.509 Public Key Infrastructure Cerificates", | |||
| RFC 2528, March 1999. | RFC 2528, March 1999. | |||
| [8] - Eastlake, D., Crocker, S. and J. Schiller, "Randomness | [8] - Eastlake, D., Crocker, S. and J. Schiller, "Randomness | |||
| Recommendations for Security", RFC 1750, December 1994. | Recommendations for Security", RFC 1750, December 1994. | |||
| [9) - National Institute of Standards and Technology. | [9) - National Institute of Standards and Technology. | |||
| FIPS Pub 186: Digital Signature Standard. 19 May 1994. | FIPS Pub 186: Digital Signature Standard. 19 May 1994. | |||
| 7.0. Authors' Addresses | 8.0. Authors' Addresses | |||
| Russell Housley | Russell Housley | |||
| SPYRUS | SPYRUS | |||
| 381 Elden Street, Suite 1120 | 381 Elden Street, Suite 1120 | |||
| Herndon, VA 20170 | Herndon, VA 20170 | |||
| USA | USA | |||
| Email: housley@spyrus.com | Email: housley@spyrus.com | |||
| Todd Horting | Todd Horting | |||
| SPYRUS | SPYRUS | |||
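Review bot: Reference "[9)" has a mismatched bracket (should be "[9]") and the RFC 2528 title is spelled "Cerificates"; both sit in the unchanged lines above the "8.0. Authors' Addresses" renumbering and are carried into -05 as they were in -04, so they should be fixed in this revision.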
| skipping to change at line 448 ¶ | skipping to change at line 456 ¶ | |||
| Herndon, VA 20170 | Herndon, VA 20170 | |||
| USA | USA | |||
| Email: thorting@spyrus.com | Email: thorting@spyrus.com | |||
| Peter Yee | Peter Yee | |||
| SPYRUS | SPYRUS | |||
| 5303 Betsy Ross Drive | 5303 Betsy Ross Drive | |||
| Santa Clara, CA 95054 | Santa Clara, CA 95054 | |||
| USA | USA | |||
| Email: yee@spyrus.com | Email: yee@spyrus.com | |||
| Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2 | ||||
| The Kermit Project * Columbia University | ||||
| 612 West 115th St #716 * New York, NY * 10025 | ||||
| http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org | ||||
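Review bot: The Jeffrey Altman contact block added at the end of Authors' Addresses is in e-mail signature form (asterisk-separated fields, no "Email:" line) and does not follow the name, organization, postal address, "Email:" layout of the three entries above it. The title-page author list in -05 still names only Housley, Horting and Yee, so either add Altman there and reformat this entry to match, or move the block out of Authors' Addresses.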
| End of changes. 6 change blocks. | ||||
| 5 lines changed or deleted | 13 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/