Re: encrypting telnet

Rick Watson <> Mon, 03 April 1995 21:27 UTC

Received: from by IETF.CNRI.Reston.VA.US id aa01520; 3 Apr 95 17:27 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa01516; 3 Apr 95 17:27 EDT
Received: from by CNRI.Reston.VA.US id aa15054; 3 Apr 95 17:27 EDT
Received: from ( []) by (8.6.9/CRI-fence-1.4) with SMTP id QAA01196; Mon, 3 Apr 1995 16:17:57 -0500
Received: by (5.0/CRI-5.15.b.orgabbr Sdiv) id AA28829; Mon, 3 Apr 1995 16:17:51 -0500
Received: from by (5.0/CRI-5.15.b.orgabbr Sdiv) id AA28779; Mon, 3 Apr 1995 16:17:44 -0500
Received: from ( []) by (8.6.9/CRI-fence-1.4) with SMTP id QAA01141 for <>; Mon, 3 Apr 1995 16:17:40 -0500
Received: by (5.57/Ultrix3.0-C) id AA21018; Mon, 3 Apr 95 16:17:14 -0500
Date: Mon, 3 Apr 95 16:17:14 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Rick Watson <>
Message-Id: <>
Subject: Re: encrypting telnet
Content-Length: 3583


Since I've also worked on encrypted access to administrative systems,
I'll summarize what I know. 

You should also take a look at:
for other Mac Kerberos implementations.

The University of Texas developed auth/encrypt Macintosh client
software for NCSA/Telnet and Brown University's tn3270.  Kerberos V4
and Diffie-Hellman are supported. The "old" separate auth/encrypt
options (37 and 38) were used. We developed the method for using
Diffie-Hellman to generate secret keys to encrypt the login
information and/or the session. It is similar to, but not the
same as Texas A&M's SRA.

The Mac client auth/encrypt code is in separate "plugin" modules
so that other auth/encrypt methods can be added without changing
the base Telnet or Tn3270 code.

John Gilmore at Cygnus Support,, is working on a K5

The plugin support is in NCSA/Telnet release 2.6.1 and beyond. I
don't know if Peter has ever released this in tn3270. I'm working
on the public release of the plugin code.

We (UT) worked with Open Connect to support K4 and Diffie-Hellman
auth/encrypt in their server that runs under various Unix systems
which front end an IBM 3174. This (commercial) software should
be available shortly in their next release.

We've also worked with OC on their DynaCom Window's client. Diffie-Hellman
is supported; I'm not sure about Kerberos.

I think Jeff Harrington,, has worked on 
another IBM tn3270 server implementation.

On the TODO list:
 - Work with TAMU/SRA to make Diffie-Hellman methods compatible
    and work with IETF to propose a draft.
 - Find out status of IETF "new" auth-encrypt option. 
 - Find out status of IETF TN3270 encryption options.

Rick Watson 
The University of Texas Computation Center, Networking Services, 512/475-9220

> From Mon Apr  3 15:46:31 1995
> Received: by id AA11987
>   (5.65+/IDA-1.3.5); Mon, 3 Apr 95 15:33:29 -0500
> Received: from by with SMTP id AA11979
>   (5.65+/IDA-1.3.5 for /usr/lib/sendmail -odq -oi -fowner-telnet-ietf telnet-ietf-list); Mon, 3 Apr 95 15:33:27 -0500
> Received: from ( []) by (8.6.9/CRI-fence-1.4) with SMTP id PAA21998; Mon, 3 Apr 1995 15:32:23 -0500
> Received: by (5.0/CRI-5.15.b.orgabbr Sdiv)
> 	id AA17922; Mon, 3 Apr 1995 15:27:12 -0500
> Received: from by (5.0/CRI-5.15.b.orgabbr Sdiv)
> 	id AA17915; Mon, 3 Apr 1995 15:27:10 -0500
> Received: from ( []) by (8.6.9/CRI-fence-1.4) with ESMTP id PAA21079 for <>om>; Mon, 3 Apr 1995 15:27:01 -0500
> Received: (from hedrick@localhost) by (8.6.10+bestmx+oldruq+newsunq/8.6.10) id QAA14597 for; Mon, 3 Apr 1995 16:27:04 -0400
> Date: Mon, 3 Apr 1995 16:27:04 -0400
> From: Chuck Hedrick <>
> Message-Id: <>
> To:
> Subject: encrypting telnet
> Content-Length: 330
> Status: R
> Is there any summary of available telnet implementations that
> encrypt?  We're looking at encrypting connections to our
> administrative systems.  For this we'd need at least clients
> under Microsoft Windows and Unix, and the host side under Unix,
> but it would be preferable to have a host end also under IBM MVS,
> and tn3270 support.