
On Internet Authentication (RFC1704)

IP.com Disclosure Number: IPCOM000002543D
Original Publication Date: 1994-Oct-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 14 page(s) / 40K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

N. Haller: AUTHOR [+2]

Abstract

The authentication requirements of computing systems and network protocols vary greatly with their intended use, accessibility, and their network connectivity. This document describes a spectrum of authentication technologies and provides suggestions to protocol developers on what kinds of authentication might be suitable for some kinds of protocols and applications used in the Internet. It is hoped that this document will provide useful information to interested members of the Internet community.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group
Request for Comments: 1704
Category: Informational

N. Haller, Bell Communications Research
R. Atkinson, Naval Research Laboratory

October 1994

On Internet Authentication

Status of this Memo

This document provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

1. INTRODUCTION

The authentication requirements of computing systems and network protocols vary greatly with their intended use, accessibility, and their network connectivity. This document describes a spectrum of authentication technologies and provides suggestions to protocol developers on what kinds of authentication might be suitable for some kinds of protocols and applications used in the Internet. It is hoped that this document will provide useful information to interested members of the Internet community.

Passwords, which are vulnerable to passive attack, are not strong enough to be appropriate in the current Internet [CERT94]. Further, there is ample evidence that both passive and active attacks are not uncommon in the current Internet [Bellovin89, Bellovin92, Bellovin93, CB94, Stoll90]. The authors of this paper believe that many protocols used in the Internet should have stronger authentication mechanisms so that they are at least protected from passive attacks. Support for authentication mechanisms secure against active attack is clearly desirable in internetworking protocols.

There are a number of dimensions to the internetwork authentication problem and, in the interest of brevity and readability, this document only describes some of them. However, factors that a protocol designer should consider include whether authentication is between machines or between a human and a machine, whether the authentication is local only or distributed across a network, strength of the authentication mechanism, and how keys are managed.

2. DEFINITION OF TERMS

This section briefly defines some of the terms used in this paper to aid the reader in understanding these suggestions. Other references on this subject might be using slightly different terms and definitions because the security community has not reached full consensus on all definitions. The definitions provided here are specifically focused on the matters discussed in this particular document.

Active Attack: An attempt to improperly modify data, gain authentication, or gain authorization by inserting false packets into the data stream or by modifying packets transiting the data stream. (See passive attacks and replay attacks.)

Asymmetric Cryptography: An encryption system that uses different

...