Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

TELNET Authentication Using DSA (RFC2943)

IP.com Disclosure Number: IPCOM000005136D
Original Publication Date: 2000-Sep-01
Included in the Prior Art Database: 2001-Aug-16
Document File: 13 page(s) / 22K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR [+3]

Abstract

This document defines a telnet authentication mechanism using the Digital Signature Algorithm (DSA) [FIPS186]. It relies on the Telnet Authentication Option [RFC2941].

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 17% of the total text.

Network Working Group R. Housley Request for Comments: 2943 T. Horting Category: Standards Track P. Yee

SPYRUS September 2000

TELNET Authentication Using DSA

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This document defines a telnet authentication mechanism using the Digital Signature Algorithm (DSA) [FIPS186]. It relies on the Telnet Authentication Option [RFC2941].

1. Command Names and Codes

AUTHENTICATION 37

Authentication Commands:

IS 0 SEND 1 REPLY 2 NAME 3

Authentication Types:

DSS 14

Modifiers:

AUTH_WHO_MASK 1 AUTH_CLIENT_TO_SERVER 0 AUTH_SERVER_TO CLIENT 1

Housley, et al. Standards Track [Page 1]

RFC 2943 TELNET Authentication Using DSA September 2000

AUTH_HOW_MASK 2 AUTH_HOW_ONE_WAY 0 AUTH_HOW_MUTUAL 2

ENCRYPT_MASK 20 ENCRYPT_OFF 0 ENCRYPT_USING_TELOPT 4 ENCRYPT_AFTER_EXCHANGE 16 ENCRYPT_RESERVED 20

INI_CRED_FWD_MASK 8 INI_CRED_FWD_OFF 0 INI_CRED_FWD_ON 8

Sub-option Commands:

DSS_INITIALIZE 1 DSS_TOKENBA 2 DSS_CERTA_TOKENAB 3 DSS_CERTB_TOKENBA2 4

2. TELNET Security Extensions

TELNET, as a protocol, has no concept of security. Without negotiated options, it merely passes characters back and forth between the NVTs represented by the two TELNET processes. In its most common usage as a protocol for remote terminal access (TCP port 23), TELNET connects to a server that requires user-level authentication through a user name and password in the clear; the server does not authenticate itself to the user.

The TELNET Authentication Option provides for user authentication and server authentication. User authentication replaces or augments the normal host password mechanism. Server authentication is normally done in conjunction with user authentication.

In order to support these security services, the two TELNET entities must first negotiate their willingness to support the TELNET Authentication Option. Upon agreeing to support this option, the parties are then able to perform sub-option negotiations to the authentication protocol to be used, and possibly the remote user name to be used for authorization checking.

Authentication and parameter negotiation occur within an unbounded series of exchanges. The server proposes a preference-ordered list of authentication types (mechanisms) which it supports. In addition to listing the mechanisms it supports, the server qualifies each mechanism with a modifier that specifies whether the authentication

Ho...