RFC 2773 (rfc2773) - Page 3 of 9


Encryption using KEA and SKIPJACK

RFC 2773           Encryption using KEA and SKIPJACK      February 2000


   same protections as those afforded the other FTP commands.  PROT
   commands may be sent on a transfer-by-transfer basis; however, the
   session parameters may not be changed within a session.

2.0  Key Exchange Algorithm (KEA) Profile

   This paper profiles KEA with SKIPJACK to achieve certain security
   services when used in conjunction with the FTP Security Extensions
   framework.  FTP entities may use KEA to provide mutual authentication
   and to establish data encryption keys.  We specify a simple token
   format and a set of exchanges to deliver these services.  These
   functions may be performed by the Fortezza Crypto Card.

   The reader should be familiar with the extensions in order to
   understand the protocol steps that follow.  In the context of the FTP
   Security Extensions, we suggest the usage of KEA with SKIPJACK for
   authentication, integrity, and confidentiality.

   A client may mutually authenticate with a server.  What follows are
   the protocol steps necessary to perform KEA authentication under the
   FTP Security Extensions framework.  Where failure modes are
   encountered, the return codes follow those specified in the
   Extensions.  They are not enumerated in this document as they are
   invariant among the mechanisms used.  The certificates are ASN.1
   encoded.

   The exchanges detailed below presume a working knowledge of the FTP
   Security Extensions.  The notation for concatenation is " || ".
   Decryption of encrypted data and certification path validation are
   implicitly assumed but are not shown.

---------------------------------------------------------------------
  Client                             Server

  AUTH KEA-SKIPJACK              -->