
Encryption using KEA and SKIPJACK (RFC2773)

IP.com Disclosure Number: IPCOM000003371D
Original Publication Date: 2000-Feb-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 7 page(s) / 19K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR [+3]

Abstract

This document defines a method to encrypt a file transfer using the FTP specification STD 9, RFC 959, "File Transfer Protocol (FTP)", (October 1985) [3] and RFC 2228, "FTP Security Extensions" (October 1997) [1]. This method will use the Key Exchange Algorithm (KEA) to give mutual authentication and establish the data encryption keys. SKIPJACK is used to encrypt file data and the FTP command channel.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 16% of the total text.

Network Working Group                                         R. Housley
Request for Comments: 2773                                        P. Yee
Updates: 959                                                      SPYRUS
Category: Experimental                                           W. Nace
                                                                     NSA
                                                           February 2000

Encryption using KEA and SKIPJACK

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.


1.0 Introduction

The File Transfer Protocol (FTP) provides no protocol security except for a user authentication password, which is transmitted in the clear. In addition, the protocol does not protect the file transfer session beyond the original authentication phase.

The Internet Engineering Task Force (IETF) Common Authentication Technology (CAT) Working Group has proposed security extensions to FTP. These extensions allow the protocol to use more flexible security schemes, and in particular allow for various levels of protection for the FTP command and data connections. This document describes a profile for the FTP Security Extensions by which these mechanisms may be provisioned using the Key Exchange Algorithm (KEA) in conjunction with the SKIPJACK symmetric encryption algorithm.

FTP Security Extensions [1] provides:

* user authentication -- augmenting the normal password mechanism;
* server authentication -- normally done in conjunction with user authentication;
* session parameter negotiation -- in particular, encryption keys and attributes;
* command connection protection -- integrity, confidentiality, or both;
* data transfer protection -- same as for command connection protection.

In order to support the above security services, the two FTP entities negotiate a mechanism. This process is open-ended and completes when both entities agree on an acceptable mechanism or when the initiating party (always the client) is unable to suggest an agreeable mechanism. Once the entities agree upon a mechanism, they may commence authentication and/or parameter negotiation.
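The mechanism negotiation described above, written out as a constructed example with both sides' messages. This is added illustration, not code from RFC 2773 or RFC 2228: the server policy, the reply texts and the mechanism names KERBEROS_V4 and KEA-SKIPJACK are assumptions for the example, while the reply codes 234, 334, 431, 504 and 534 are the ones RFC 2228 assigns to replies to the AUTH command. The client proposes mechanisms in preference order and stops at the first one the server accepts; if it runs out of candidates, the negotiation fails and no KEA authentication or SKIPJACK keying can follow.

```python
"""Simulated RFC 2228 AUTH mechanism negotiation (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Reply codes RFC 2228 assigns to AUTH replies.
AUTH_OK_NO_ADAT = 234      # mechanism accepted, no security data exchange needed
AUTH_OK_ADAT_NEEDED = 334  # mechanism accepted, ADAT exchange must follow
AUTH_NO_RESOURCE = 431     # server lacks a resource needed for this mechanism
AUTH_UNKNOWN_MECH = 504    # mechanism name not recognised by the server
AUTH_POLICY_DENIED = 534   # mechanism refused for policy reasons

ACCEPT_CODES = {AUTH_OK_NO_ADAT, AUTH_OK_ADAT_NEEDED}
RETRY_CODES = {AUTH_NO_RESOURCE, AUTH_UNKNOWN_MECH, AUTH_POLICY_DENIED}


@dataclass
class FtpServer:
    """Server side of the AUTH exchange (assumed behaviour, not a real FTP server).

    supported maps a mechanism name to True when an ADAT exchange is required
    after acceptance (as it would be for a KEA key exchange) and False otherwise.
    """
    supported: Dict[str, bool]
    denied: Set[str] = field(default_factory=set)
    mechanism: Optional[str] = None
    transcript: List[str] = field(default_factory=list)

    def handle(self, command: str) -> str:
        self.transcript.append("C: " + command)
        verb, _, arg = command.partition(" ")
        name = arg.strip().upper()
        if verb.upper() != "AUTH":
            reply = "503 Bad sequence of commands"
        elif not name:
            reply = "501 Syntax error in parameters or arguments"
        elif name in self.denied:
            reply = f"{AUTH_POLICY_DENIED} Request denied for policy reasons"
        elif name not in self.supported:
            reply = f"{AUTH_UNKNOWN_MECH} Unknown security mechanism"
        else:
            self.mechanism = name
            if self.supported[name]:
                reply = f"{AUTH_OK_ADAT_NEEDED} Security data exchange required"
            else:
                reply = f"{AUTH_OK_NO_ADAT} Security data exchange complete"
        self.transcript.append("S: " + reply)
        return reply


def reply_code(reply: str) -> int:
    """Extract the three-digit reply code; reject malformed reply lines."""
    if len(reply) < 4 or not reply[:3].isdigit() or reply[3] not in " -":
        raise ValueError(f"malformed FTP reply: {reply!r}")
    return int(reply[:3])


def negotiate(server: FtpServer, preferences: List[str]) -> Tuple[Optional[str], bool]:
    """Client side: propose mechanisms in preference order.

    Returns (mechanism, adat_required) for the first accepted mechanism, or
    (None, False) when the client has nothing left to suggest.  Any reply that
    is neither an acceptance nor one of the defined refusals is a protocol
    error, not a cue to keep trying.
    """
    for mech in preferences:
        reply = server.handle(f"AUTH {mech}")
        code = reply_code(reply)
        if code in ACCEPT_CODES:
            return mech.upper(), code == AUTH_OK_ADAT_NEEDED
        if code in RETRY_CODES:
            continue
        raise RuntimeError(f"unexpected reply to AUTH {mech}: {reply}")
    return None, False


if __name__ == "__main__":
    # Constructed scenario: server offers only KEA-SKIPJACK, which needs ADAT;
    # the client prefers KERBEROS_V4 and falls back.
    srv = FtpServer(supported={"KEA-SKIPJACK": True})
    print(negotiate(srv, ["KERBEROS_V4", "KEA-SKIPJACK"]))
    print("\n".join(srv.transcript))
```

A 334 result means the agreed mechanism still has to complete its ADAT exchange before any PBSZ/PROT parameter negotiation is meaningful; a client that treats 334 like 234 and starts sending protected commands has skipped the authentication the mechanism exists to provide.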

Authentication and parameter negotiation occur within a...