RFC 1704 (rfc1704) - Page 1 of 17


On Internet Authentication



Alternative Format: Original Text Document



Network Working Group                                          N. Haller
Request for Comments: 1704                  Bell Communications Research
Category: Informational                                      R. Atkinson
                                               Naval Research Laboratory
                                                            October 1994


                       On Internet Authentication

Status of this Memo

   This document provides information for the Internet community.  This
   memo does not specify an Internet standard of any kind.  Distribution
   of this memo is unlimited.

1. INTRODUCTION

   The authentication requirements of computing systems and network
   protocols vary greatly with their intended use, accessibility, and
   their network connectivity.  This document describes a spectrum of
   authentication technologies and provides suggestions to protocol
   developers on what kinds of authentication might be suitable for some
   kinds of protocols and applications used in the Internet.  It is
   hoped that this document will provide useful information to
   interested members of the Internet community.

   Passwords, which are vulnerable to passive attack, are not strong
   enough to be appropriate in the current Internet [CERT94].  Further,
   there is ample evidence that both passive and active attacks are not
   uncommon in the current Internet [Bellovin89, Bellovin92, Bellovin93,
   CB94, Stoll90].  The authors of this paper believe that many
   protocols used in the Internet should have stronger authentication
   mechanisms so that they are at least protected from passive attacks.
   Support for authentication mechanisms secure against active attack is
   clearly desirable in internetworking protocols.

   There are a number of dimensions to the internetwork authentication
   problem and, in the interest of brevity and readability, this
   document only describes some of them.  However, factors that a
   protocol designer should consider include whether authentication is
   between machines or between a human and a machine, whether the
   authentication is local only or distributed across a network,
   strength of the authentication mechanism, and how keys are managed.








Haller & Atkinson