Re: Telnet encryption

John Gardiner Myers <jgm+@cmu.edu> Fri, 09 February 1996 18:28 UTC

Message-ID: <8l6szHi00WBw411j93@andrew.cmu.edu>
Date: Fri, 9 Feb 1996 13:17:55 -0500 (EST)
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: John Gardiner Myers <jgm+@cmu.edu>
To: telnet-ietf@cray.com
Subject: Re: Telnet encryption
In-Reply-To: <199602090223.VAA06128@badger.lehman.com>
References: <199602090223.VAA06128@badger.lehman.com>

"Richard Basch" <basch@lehman.com> writes:
> In some cases, it may employ the keys that were
> negotiated during the authentication option, but a combined option
> should not be designed that inhibits the use of encryption without
> authentication.

The issue is not so much encryption as integrity protection of the
authenticated connection.  If a client is willing to authenticate a
connection to be used without integrity protection, the negotiation of
its willingness to do without integrity protection must be integrity
protected.

An authentication protocol which does not allow a client to make its
authentication conditional upon the integrity protection of the
connection is simply unacceptable.

It just so happens that for Telnet, the only integrity protection
people are interested in is encryption.

As for "inhibiting the use of encryption without authentication", one
could define an "authentication" mechanism, such as Diffie-Hellman,
which is only able to "authenticate" the anonymous identity.

-- 
_.John G. Myers		Internet: jgm+@CMU.EDU
			LoseNet:  ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
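
Added example, not part of the original message: a minimal Python model of the argument above, that the negotiation of whether to run without protection must itself be integrity protected. The session key, option names and function names are constructed for illustration and are not taken from any Telnet option specification.

```python
import hashlib
import hmac

# Constructed values: the key stands in for whatever session key the
# authentication exchange produced; the option names are illustrative.
SESSION_KEY = b"constructed-session-key-for-demo"
CLIENT_OFFER = ("ENCRYPT", "PLAINTEXT")  # client prefers ENCRYPT


def transcript_mac(key, offer, chosen):
    """MAC over the whole negotiation: what was offered and what was picked."""
    msg = ",".join(offer).encode() + b"|" + chosen.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_choose(offer_seen):
    """Server picks the first option it sees and MACs its own view."""
    chosen = offer_seen[0]
    return chosen, transcript_mac(SESSION_KEY, offer_seen, chosen)


def strip_encrypt(offer):
    """Models in-transit tampering: ENCRYPT is removed before the server sees it."""
    return tuple(o for o in offer if o != "ENCRYPT")


def client_unprotected(tamper):
    """Negotiation outside any integrity check: client accepts what comes back."""
    offer_seen = strip_encrypt(CLIENT_OFFER) if tamper else CLIENT_OFFER
    chosen, _ = server_choose(offer_seen)
    return chosen


def client_protected(tamper):
    """Client checks the server's MAC against the offer it actually sent."""
    offer_seen = strip_encrypt(CLIENT_OFFER) if tamper else CLIENT_OFFER
    chosen, tag = server_choose(offer_seen)
    expected = transcript_mac(SESSION_KEY, CLIENT_OFFER, chosen)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("negotiation was altered in transit; aborting")
    return chosen


if __name__ == "__main__":
    print("unprotected, tampered:", client_unprotected(True))
    try:
        client_protected(True)
    except ValueError as err:
        print("protected, tampered:", err)
```

In the unprotected variant the tampered session silently falls back to PLAINTEXT even though both ends supported ENCRYPT; in the protected variant the two views of the offer disagree under the MAC and the client stops.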