Draft telnet minutes from Houston

Steve Alexander <stevea@lachman.com> Sat, 06 November 1993 18:56 UTC

Message-Id: <9311061855.AA24296@ra.i88.isc.com>
To: telnet-ietf@cray.com
Subject: Draft telnet minutes from Houston
Cc: erik.huizer@surfnet.nl, klensin@infoods.unu.edu
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 06 Nov 1993 12:55:27 -0600
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Steve Alexander <stevea@lachman.com>

[ Attendees please review and comment.  Thanks, -- Steve ]

Summary of Telnet Meeting (November 2nd, 1993)

Group Name: Telnet
IETF Area: Application
Chair: Steve Alexander
Date/Time: Tuesday, November 2, 1993 0930-1200

	TELNET AGENDA

	- Any feedback on Environment Last Call
	- Discussion of merged Authentication/Encryption, with emphasis
	  on a plan to get the document(s) finished
	- Any other business

- Steve presented the agenda and asked if there were other items that
  needed to be discussed.  Marjo Mercado asked about the charter, so a brief 
  discussion was held.  Steve stated that the charter was no longer open
  ended, and that the group would conclude when Environment and Authentication
  were done.  If other issues arise the charter will have to be amended.  
  There was general agreement on this point.

- Since a Last Call has been issued for Environment, Steve asked for any
  feedback.  Marjo pointed out a minor grammatical error which will need to be
  corrected during the RFC editing process.  Steve urged everyone to review the
  document if they haven't already.

- The bulk of the meeting was devoted to Authentication.  Dave Borman is
  currently implementing the merged options (auth+encrypt).  The group 
  discussed whether it is OK to abandon the output mode DES - this seemed
  acceptable to all present.  Ted Ts'o raised the a concern about active
  attackers forcing the use of a weaker encryption mechanism.  There was brief
  discussion on this point and Ted agreed to write up his view of how this
  could be avoided.
  
  John Linn expressed concern about getting a Kerberos V authentication 
  document out ahead of the merged mechanism.  The group agreed that the
  current V5 draft could be issued as an Experimental RFC. Steve will send the
  current draft to Ted for review.

- Dave mentioned that he would like to release his current telnet reference
  sources in the near term, but is concerned about the encryption code.  Ted
  suggested that perhaps MIT could be a distribution point, since they have a
  similar problem with the Kerberos distribution.

- Sam Sjogren raised the issue of interoperability testing.  The group was 
  receptive, and may try to schedule an event prior to the Seattle meeting.
  This would most likely be a virtual event held between cooperating parties
  via the Internet.  There was some discussion of whether this would be
  appropriate to have at an IETF meeting, but no conclusion was reached.

Action items:
 	- Dave Borman will finish implementation of the merged auth/encrypt
	- Ted Ts'o will write up a discussion of how he'd like to see the
	  encryption type negotiation covered by a checksum to prevent active
	  attackers from forcing a weak encryption method to be negotiated.
	- Steve will fine-tune Kerberos V draft and send to Ted for review
	  with the goal of issuing it as an Experimental RFC
	- Steve/Dave will drive the document editing process so that work on
	  merging the encryption text into the Kerberos documents will be 
	  complete by Seattle
	- Steve will work with the ADs and RFC Editor to get changes from the
	  Last Call into the Environment spec prior to issuing of the RFC

Draft telnet minutes from Houston Steve Alexander