TELNET Authentication Using DSA(1)

　　Network Working Group R. Housley

　　Request for Comments: 2943 T. Horting

　　Category: Standards Track P. Yee

　　SPYRUS

　　September 2000

　　TELNETAuthentication Using DSA

　　Status of this Memo

　　This document specifies an Internet standards track protocol for the　Internet community, and requests discussion and suggestions for　improvements. Please refer to the current edition of the "Internet　Official Protocol Standards" (STD 1) for the standardization state　and status of this protocol. Distribution of this memo is unlimited.

　　Copyright Notice

　　Copyright (C) The Internet Society (2000). All Rights Reserved.

　　Abstract

　　This document defines a telnet authentication mechanism using the　Digital Signature Algorithm (DSA) [FIPS186]. It relies on the Telnet　Authentication Option [RFC2941].

　　1. Command Names and Codes

　　AUTHENTICATION 37

　　Authentication Commands:

　　IS 0

　　SEND 1

　　REPLY 2

　　NAME 3

　　Authentication Types:

　　DSS 14

　　Modifiers:

　　AUTH_WHO_MASK 1

　　AUTH_CLIENT_TO_SERVER 0

　　AUTH_SERVER_TO CLIENT 1

　　AUTH_HOW_MASK 2

　　AUTH_HOW_ONE_WAY 0

　　AUTH_HOW_MUTUAL 2

　　ENCRYPT_MASK 20

　　ENCRYPT_OFF 0

　　ENCRYPT_USING_TELOPT 4

　　ENCRYPT_AFTER_EXCHANGE 16

　　ENCRYPT_RESERVED 20

　　INI_CRED_FWD_MASK 8

　　INI_CRED_FWD_OFF 0

　　INI_CRED_FWD_ON 8

　　Sub-option Commands:

　　DSS_INITIALIZE 1

　　DSS_TOKENBA 2

　　DSS_CERTA_TOKENAB 3

　　DSS_CERTB_TOKENBA2 4

　　2. TELNET Security Extensions

　　TELNET, as a protocol, has no concept of security. Without　negotiated options, it merely passes characters back and forth　between the NVTs represented by the two TELNET processes. In its　most common usage as a protocol for remote terminal access(TCP port　23), TELNET connects to a server that requires user-level　authentication through a user name and password in the clear; the　server does not authenticate itself to the user.

　　The TELNET Authentication Option provides for user authentication and　server authentication. User authentication replaces or augments the　normal host password mechanism. Server authentication is normally　done in conjunction with user authentication.　In order to support these security services, the two TELNET entities　must first negotiate their willingness to support the TELNET　Authentication Option. Upon agreeing to support this option, the　parties are then able to perform sub-option negotiations to the　authentication protocol to be used, and possibly the remote user name　　to be used for authorization checking.

　　Authentication and parameter negotiation occur within an unbounded　series of exchanges. The server proposes a preference-ordered list　of authentication types (mechanisms) which it supports. In addition　　to listing the mechanisms it supports, the server qualifies each　mechanism with a modifier that specifies whether the authentication　is to be one-way or mutual, and in which direction the authentication　is to be performed. The client selects one mechanism from the list　and responds to the server indicating its choice and the first set of　authentication data needed for the selected authentication type. The　server and the client then proceed through whatever number of　iterations are required to arrive at the requested authentication.

　　3. Use of Digital Signature Algorithm (DSA)

　　DSA is also known as the Digital Signature Standard (DSS), and the　names are used interchangeably. This paper specifies a method in　which DSA may be used to achieve certain security services when used　in conjunction with the TELNET Authentication Option. SHA-1　[FIPS180-1] is used with DSA [FIPS186].

　　DSA may provide either unilateral or mutual authentication. Due to　TELNET's character-by-character nature, it is not well-suited to the　application of integrity-only services, therefore use of the DSA　profile provides authentication but it does not provide session　integrity. This specification follows the token and exchanges　defined in NIST FIPS PUB 196 [FIPS196], Standard for Public Key　Cryptographic Entity Authentication Mechanisms including Appendix A　on ASN.1 encoding of messages and tokens. All data that is covered　by a digital signature must be encoded using the Distinguished　Encoding Rules (DER). However, other data may use either the Basic　Encoding Rules (BER) or DER [X.208].

　　3.1. Unilateral Authentication with DSA

　　Unilateral authentication must be done client-to-server. What　follows are the protocol steps necessary to perform DSA　authentication as specified in FIPS PUB 196 under the TELNET　Authentication Option framework. Where failure modes are　encountered, the return codes follow those specified in the TELNET　Authentication Option. They are not enumerated here, as they are　invariant among the mechanisms used. FIPS PUB 196 employs a set of　exchanges that are transferred to provide authentication. Each　exchange employs various fields and tokens, some of which are　optional. In addition, each token has several subfields that are　optional. A conformant subset of the fields and subfields have been　selected.