Encryption using KEA and SKIPJACK (RFC2773)
Original Publication Date: 2000-Feb-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
R. Housley: AUTHOR [+3]
This document defines a method to encrypt a file transfer using the FTP specification STD 9, RFC 959, "File Transfer Protocol (FTP)", (October 1985) and RFC 2228, "FTP Security Extensions" (October 1997). This method will use the Key Exchange Algorithm (KEA) to give mutual authentication and establish the data encryption keys. SKIPJACK is used to encrypt file data and the FTP command channel.
Network Working Group R. Housley
Request for Comments: 2773 P. Yee
Updates: 959 SPYRUS
Category: Experimental W. Nace
Encryption using KEA and SKIPJACK
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2000). All Rights Reserved.
The File Transfer Protocol (FTP) provides no protocol security except
for a user authentication password which is transmitted in the clear.
In addition, the protocol does not protect the file transfer session
beyond the original authentication phase.
The Internet Engineering Task Force (IETF) Common Authentication
Technology (CAT) Working Group has proposed security extensions to
FTP. These extensions allow the protocol to use more flexible
security schemes, and in particular allow for various levels of
protection for the FTP command and data connections. This document
describes a profile for the FTP Security Extensions by which these
mechanisms may be provisioned using the Key Exchange Algorithm (KEA)
in conjunction with the SKIPJACK symmetric encryption algorithm.
FTP Security Extensions provides:
* user authentication -- augmenting the normal password
* server authentication -- normally done in conjunction with user
* session parameter negotiation -- in particular, encryption keys
* command connection protection -- integrity, confidentiality, or
* data transfer protection -- same as for command connection
In order to support the above security services, the two FTP entities
negotiate a mechanism. This process is open-ended and completes when
both entities agree on an acceptable mechanism or when the initiating
party (always the client) is unable to suggest an agreeable
mechanism. Once the entities agree upon a mechanism, they may
commence authentication and/or parameter negotiation.
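The negotiation loop described above, sketched from the client side as an added example (it is not part of RFC 2773 or of the original page). The reply codes are the ones RFC 2228 defines for the AUTH command; the mechanism string KEA-SKIPJACK, the X- names and the stand-in server are assumptions made for the illustration.

```python
# Added illustration: client side of FTP security mechanism negotiation.
# Reply codes follow RFC 2228 (AUTH); mechanism names and the server
# stand-in are constructed for this example.

ACCEPT_DONE = 234        # mechanism accepted, no security data needed
ACCEPT_NEED_DATA = 334   # mechanism accepted, security data exchange follows
UNKNOWN_MECH = 504       # server does not understand the mechanism
REJECTED_MECH = 534      # server understands but refuses the mechanism


class NegotiationFailed(Exception):
    """No agreeable mechanism; the caller must not continue unprotected."""


def make_server(supported, policy_denied=()):
    """Constructed stand-in for a server's AUTH handler."""
    def handle_auth(mech):
        if mech in policy_denied:
            return REJECTED_MECH
        if mech in supported:
            return ACCEPT_NEED_DATA
        return UNKNOWN_MECH
    return handle_auth


def negotiate(send_auth, preferences):
    """Offer mechanisms in preference order; return (mechanism, transcript)."""
    transcript = []
    for mech in preferences:
        code = send_auth(mech)
        transcript.append((f"AUTH {mech}", code))
        if code in (ACCEPT_DONE, ACCEPT_NEED_DATA):
            return mech, transcript          # both sides agree: stop here
        if code not in (UNKNOWN_MECH, REJECTED_MECH):
            raise NegotiationFailed(f"unexpected reply {code} to AUTH {mech}")
    # The client (always the initiator) has nothing left to suggest.
    raise NegotiationFailed("no agreeable mechanism; refusing cleartext login")


if __name__ == "__main__":
    server = make_server({"KEA-SKIPJACK"}, policy_denied={"X-WEAK"})
    chosen, log = negotiate(server, ["X-UNKNOWN", "X-WEAK", "KEA-SKIPJACK"])
    for command, reply in log:
        print(f"C: {command:<20} S: {reply}")
    print("agreed mechanism:", chosen)
```

Raising an exception when the list is exhausted keeps the client from silently falling back to the cleartext password login that plain FTP would otherwise use.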
Authentication and parameter negotiation occur within a...