TELNET Transfer Control Option
"Robert G. Moskowitz" <0003858921@mcimail.com> Tue, 08 June 1993 11:03 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa00860; 8 Jun 93 7:03 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa00856; 8 Jun 93 7:03 EDT
Received: from list.nih.gov by CNRI.Reston.VA.US id aa03166; 8 Jun 93 7:03 EDT
Received: from LIST.NIH.GOV by LIST.NIH.GOV (IBM VM SMTP V2R2) with BSMTP id 4977; Tue, 08 Jun 93 07:04:48 EDT
Received: from LIST.NIH.GOV by LIST.NIH.GOV (Mailer R2.10 ptf000) with BSMTP id 4973; Tue, 08 Jun 93 07:03:29 EDT
Date: Tue, 08 Jun 1993 10:57:00 +0000
Reply-To: IETF TN3270E Working Group List <TN3270E@list.nih.gov>
X-Orig-Sender: IETF TN3270E Working Group List <TN3270E@list.nih.gov>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "Robert G. Moskowitz" <0003858921@mcimail.com>
Subject: TELNET Transfer Control Option
X-To: IETF TN3270E Working Group List <TN3270E@list.nih.gov>
To: Multiple recipients of list TN3270E <TN3270E@list.nih.gov>
Message-ID: <9306080703.aa03166@CNRI.Reston.VA.US>
---------------------------------------------------------------------------
Source-Date: Thu, 03 Jun 1993 16:06:54 -0500
From: Steve Alexander
EMS: INTERNET / MCI ID: 376-5414
MBX: stevea@lachman.com
TO: * Robert G. Moskowitz / MCI ID: 385-8921
TO: telnet ietf
EMS: INTERNET / MCI ID: 376-5414
MBX: telnet-ietf@cray.com
Subject: Telnet Transfer Control Option
Message-Id: 73930603220137/0003765414NA3EM
Source-Msg-Id: <9306032107.AA11355@ra.i88.isc.com>
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
While cleaning out some old mail I realized that I never sent this out.
I received this a while back, with the request that the group review it.
Thanks,
-- Steve
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-Description: Transfer Control Draft
Network Working Group S. Denton
Internet-Draft Coal Services Corp.
April 1993
TELNET Transfer Control Option
Status of this Memo
This memo defines an Experimental Protocol for the Internet communi-
ty. Discussion and suggestions for improvement are requested.
Please refer to the current edition of the "IAB Official Protocol
Standards" for the standardization state and status of this protocol.
Distribution of this memo is unlimited.
Motivation
There has come into being on the Internet a number of loosely coupled
hypertext multi-user databases (aka MUDs). These may be character-
ized by the existence of a network-unique cursor object (aka player)
which may be passed from host to host when the user is following what
appears to be an otherwise normal database link.
Although the security requirements of these systems are no greater
than those of anonymous FTP, each system keeps track of the user's
location within the database so that each new session starts where
the previous session ended. For this reason, an arbitrary user iden-
tifier is generated the first time a connection is made, and a simple
password protocol is used to avoid accidentally using another user's
cursor. Users normally connect to these databases using a client
program that emulates a simple Network Virtual Terminal.
Currently, the hand-off of a cursor from one host to another is ac-
complished by a procedure the details of which vary from system to
system. For the purposes of this dissusion, the procedure used by
the UnterMUD system will be described. The current host establishes
a connection to the proposed host using a previously agreed upon port
number; the current host transfers the contents of the cursor object
to the proposed host via this connection; when and if the transfer
has been successfully completed, the current host marks the cursor
object as "not-in-use" and sends a message to the user requesting a
transfer to the proposed host. The message has the fixed format
"#### Please reconnect to MyMUD@123.45.67.89 (MUDHOST.YOYODYNE.COM)
port 12345 ####". The user is then expected to manually break the
Telnet connection and establish a new connection to the specified
port. Many of the more specialized client programs recognize this
S. Denton Expires October 1993 [Page 1]
Internet-Draft TELNET Transfer Control Option April 1993
message and attempt to perform the transfer transparently.
The author conjectures that a formalized version of this protocol
would not only be convenient for the users of these databases, but
could be useful in its own right. Several services utilize the Tel-
net protcol for communications to a client. Using this protcol, a
Telnet connection to a service could be dynamically switched to
another host for purposes of load sharing or to facilitate a simpler
data path for information retrieval. E.g., after connecting to an
FTP server, a client may issue a CWD to a directory that is remotely
mounted via NFS from another host that also provides FTP services.
In this case, the client could be advised that an alternative connec-
tion is preferred. Also, the method currently in use is subject to
"spoof"-ing. A message that resembles the transfer request may ac-
cidentally be placed into a MUD (in help text, for instance) where
the client NVT will mistake the message for a genuine transfer re-
quest. Utilization of a Telnet option subnegotiation would make a
transfer request unambiguous.
1. Command names and codes
XFER_CTRL to be assigned
LOGON 0
MUST_XFER 1
2. Command meanings
IAC WILL XFER_CTRL
The sender of this command REQUESTS permission to, or confirms that
it will, suggest transfer to/from another server.
IAC WONT XFER_CTRL
The sender of this command REFUSES to suggest transfer to/from anoth-
er server.
IAC DO XFER_CTRL
The sender of this command REQUESTS that the receiver, or grants the
receiver permission to, suggest transfers between servers.
IAC DONT XFER_CTRL
The sender of this command DEMANDS that the receiver not suggest
transfers between servers.
IAC SB XFER_CTRL ( WILL/WONT/DO/DONT <command> ) ... IAC SE
S. Denton Expires October 1993 [Page 2]
Internet-Draft TELNET Transfer Control Option April 1993
To allow for future expansion of the protocol, each command must be
separately negotiated using the standard WILL/WONT/DO/DONT technique.
Multiple commands may, but need not, be negotiated within a single
subnegotiation.
IAC SB XFER_CTRL MUST_XFER <alternate port> IAC SE
The sender specifies a remote host to which the connection must be
transferred immediately. The sender has already sent all necessary
state information to the remote host via a private channel. The
sender can break the connection immediately.
The parameter specifies the address of the suggested host. If known,
this should be the Internet address expressed as four decimal numbers
separated by periods; optionally a DNS-style host name should be
specified. Space characters are NOT allowed to appear within the
name. If the TCP port number will be the same at the alternate host,
nothing more needs to be said. Otherwise a space character will be
issued, followed by the port number expressed as a 1-5 digit decimal
number. The information will be encoded using NVT ASCII.
IAC SB XFER_CTRL LOGON <handshake> IAC SE
The sender requests that the host utilize a private logon protocol to
effect a transparent transfer of control. This is sent by the client
to a server at the beginning of a session. The meaning of the
handshake data is arbitrary and is not covered by this standard. One
use would be to exchange normal logon prompts and replies in an unam-
biguous fashion. The handshake is a string of NVT ASCII data.
3. Defaults
WONT XFER_CTRL
DONT XFER_CTRL
i.e., this protocol will not be used.
SB XFER_CTRL WONT/DONT LOGON
Transparent reconnect using this protocol will not be allowed.
SB XFER_CTRL WONT/DONT MUST_XFER
Mandatory session tranfer using this protocol will not be allowed.
4. Description and Implementation Notes
WILL and DO are used only at the beginning of the connection to ob-
tain and grant permission for future negotiations. Either side is
S. Denton Expires October 1993 [Page 3]
Internet-Draft TELNET Transfer Control Option April 1993
free to begin negotiations. Because of the possible effect the se-
mantics of the LOGON subnegotiation can have on subsequent Telnet op-
tion negotiations, XFER_CTRL negotiations should be performed as ear-
ly as possible in the session. The protocol is symmetric: a person
could use this option to move a connection from a workstation to a
personal digital assistant. Only the sender of WILL XFER_CTRL may
send XFER_CTRL WILL MUST_XFER and subsequently only that sender may
sent XFER_CTRL MUST_XFER <alternate port>; if both sides might wish
to do this, they should both send WILL XFER_CTRL.
Note that it is common to use the word "server" to refer to the side
of the connection that did the passive TCP open (TCP LISTEN state),
and the word "client" to refer to the side of the connection that did
the active open. In a hand-off from one client to another, the pro-
posed recipient must have already performed a passive TCP open and be
expecting the connection from the server. At this point the notions
of server and client become confused, especially in the context of
the Telnet Authentication Option. To clear this up, the following
rule is suggested: No more than one side of a connection may be in
the XFER_CTRL DO LOGON state and no more than one side may be in the
XFER_CTRL WILL LOGON state; once confirmed, the side in the XFER_CTRL
DO LOGON state shall henceforth be treated as having performed a pas-
sive TCP open, while the side in the XFER_CTRL WILL LOGON state shall
henceforth be treated as having performed an active TCP open. To en-
force this rule, if a side sees XFER_CTRL WILL LOGON after having
first sent XFER_CTRL WILL LOGON, it must send XFER_CTRL DONT LOGON;
if a side sees XFER_CTRL DO LOGON after having first sent XFER_CTRL
DO LOGON, it must send XFER_CTRL WONT LOGON. (This is not expected
to be a problem in practice; failure of this subnegotiation would be
sufficient cause to terminate a session.) Also, because either side
of the new connection could be the former client, a side is allowed
to send the XFER_CTRL WILL LOGON command when it is in either of the
WILL XFER_CTRL or DO XFER_CTRL states.
The sole reason for the existance of the logon handshake procedure to
establish identity rather than using the Telnet authentication op-
tions is that the existing options are too secure. Even a nominally
anonymous user may still have session state information that should
survive a single connection, and any collection of hosts supporting
transfer of control should utilize some method of confirming that an
incoming connection is synonymous to a previous connection. Some may
argue that only MUDs require this capability, but many services could
benefit from this added feature, and often provide a way to use it.
For example, many, if not most, FTP connections on the Internet are
anonymous. In this case, common usage provides for the use of an In-
ternet mailing address as a password to allow administrators to track
usage. This can provide a way to contact users if, for example,
downloaded files are later discovered to contain a security hazard.
RFC 959 gives a state diagram for automating a logon procedure using
S. Denton Expires October 1993 [Page 4]
Internet-Draft TELNET Transfer Control Option April 1993
the client-issued commands USER, PASS, and ACCT. The second imple-
mentation example in this document uses this same state diagram for
automating reconnection. Note that passwords are passed in clear
text through the network. If the connections go through untrusted
networks, there is the possibility that passwords will be compromised
by someone watching the packets as they go by. RFC 1416, along with
1411 and 1412 detail authentication options that should be used in
preference to this procedure whenever such security is warrented.
The final implementation example uses a non-approved but apparently
legal variation of the Telnet authentication option to accomplish the
same end. Again, passwords are passed in clear text through the net-
work.
Finally, RFC 1408 details a Telnet environment option that could be
used to transmit detailed state information during a transfer of con-
trol.
5. Examples
In the following examples, all quoted strings are NVT ASCII.
1. Server demands transfer to an alternate server.
Client Server
[ The client connects to the service at castor.gemini.org. ]
IAC WILL XFER_CTRL
IAC DO XFER_CTRL
IAC SB XFER_CTRL WILL MUST_XFER
IAC SE
IAC SB XFER_CTRL DO MUST_XFER
IAC SE
[ Time passes. Server decides to require transferring the
connection to an alternate server. ]
IAC SB XFER_CTRL MUST_XFER
"pollux.gemini.org 6565" IAC SE
[ The server is requiring the user to reconnect to an alternate
host. The server will break the connection at this point. The
client should immediately connect to port 6565 at
pollux.gemini.org. ]
2. Client connects to an alternate server supporting dynamic control
transfer and reconnection.
Client Server
[ Client connects to server at pollux.gemini.org. ]
IAC WILL XFER_CTRL
IAC DO XFER_CTRL
IAC SB XFER_CTRL WILL LOGON IAC
SE
IAC SB XFER_CTRL DO LOGON IAC SE
IAC SB XFER_CTRL LOGON "USER
123@MyMUD" IAC SE
IAC SB XFER_CTRL LOGON "330
S. Denton Expires October 1993 [Page 5]
Internet-Draft TELNET Transfer Control Option April 1993
Enter password as 'PASS
<password>'" IAC SE
IAC SB XFER_CTRL LOGON "PASS
potrzebie" IAC SE
IAC SB XFER_CTRL LOGON "231
Connected." IAC SE
[ Client and server are connected. ]
3. Transfer of server connection from one client to another.
Host 1 Host A
[ Server (Host A) connects to client(Host 1). ]
IAC WILL XFER_CTRL
IAC DO XFER_CTRL
IAC SB XFER_CTRL WILL MUST_XFER
IAC SE
IAC SB XFER_CTRL DO MUST_XFER
IAC SE
[ Time passes. Host 1 decides to transfer the connection to an
alternate host. Host 2 performs a passive TCP open on port
1234. ]
IAC SB XFER_CTRL MUST_XFER
"123.45.67.89 1234" IAC SE
[ Host 1 breaks connection. Host A performs an active TCP open
to the suggested host and port. ]
Host 2 Host A
IAC WILL XFER_CTRL
IAC DO XFER_CTRL
[ Both hosts have now agreed to some form of the XFER_CTRL
protocol. ]
IAC SB XFER_CTRL WILL LOGON IAC
SE
IAC SB XFER_CTRL DO LOGON IAC SE
[ From this point on for the purposes of this or any other Telnet
option, Host A will be treated as though it had originally
performed a passive TCP open (Host A is the Server) and Host 2
will be treated as though it had originally performed an active
TCP open (Host 2 is the Client). ]
IAC WILL AUTHENTICATION IAC SE
IAC DO AUTHENTICATION IAC SE
[ Both hosts agree to use the Telnet authentication option. Even
though RFC 1416 specifies that only the side of the session
that performed an active open may send WILL AUTHENTICATION, the
successful negotiation of XFER_CTRL WILL LOGON has reversed
logical direction of the connection. (Note: AUTH and ACCEPT
are not defined for the NULL authentication type, but for this
example they are assumed to have the same values as defined for
Kerberos and SPX.) ]
IAC SB AUTHENTICATION SEND NULL
CLIENT|ONE_WAY IAC SE
IAC SB AUTHENTICATION NAME
S. Denton Expires October 1993 [Page 6]
Internet-Draft TELNET Transfer Control Option April 1993
"anonymous" IAC SE
IAC SB AUTHENTICATION IS NULL
CLIENT|ONE_WAY AUTH
"john@yoyodyne.com" IAC SE
IAC SB AUTHENTICATION REPLY NULL
CLIENT|ONE_WAY ACCEPT IAC SE
Future directions
The original concept featured a MAY_XFER command to handle non-
mandatory transfers. This idea ran aground during the initial
implementation because of various uncertainties in the semantics of
the command.
It might be useful if the stable end of the connection could be used
as the repository of connection state information during the transfer
from the old host to the new.
Acknowledgements
Thanks to the inventor of Cyberportals, which inspired me to invent a
standardized protocol to accomplish the same result.
References
[1] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2, RFC 1340,
USC/Information Sciences Institute, July 1992.
[2] Borman, D., "Telnet Authentication Option", RFC 1416, Cray
Research, Inc., February 1993.
[4] Alagappan, K., "Telnet Authentication: SPX", RFC 1412, Digital
Equipment Corporation, January 1985.
[3] Borman, D., "Telnet Authentication: Kerberos", RFC 1411, Cray
Research, Inc., January 1993.
[5] Borman, D., "Telnet Environment Option", RFC 1408, Cray Research,
Inc., February 1993.
[6] Reynolds, J., and J. Postel, "File Transfer Protocol", RFC 959,
USC/Information Sciences Institute, October 1985.
Security Considerations
Security issues are discussed in section 4.
Author's Address
Sam Denton
S. Denton Expires October 1993 [Page 7]
Internet-Draft TELNET Transfer Control Option April 1993
Coal Services Corp.
301 North Memorial Drive
St. Louis, MO 63102
Phone: (314) 342-7853
Fax: (314) 342-3424
Email: sunarch.central.sun.com!peabody!sam.denton
This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six
months. Internet Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet
Drafts as reference material or to cite them other than as a "working
draft" or "work in progress."
Please check the 1id-abstracts.txt listing contained in the
internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net,
nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the
current status of any Internet Draft.
S. Denton Expires October 1993 [Page 8]
------- =_aaaaaaaaaa0--
- TELNET Transfer Control Option Robert G. Moskowitz