Encryption using KEA and SKIPJACK




Network Working Group                                        R. Housley
Request for Comments: 2773                                       P. Yee
Updates: 959                                                     SPYRUS
Category: Experimental                                          W. Nace
                                                                    NSA
                                                          February 2000


                   Encryption using KEA and SKIPJACK

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document defines a method to encrypt a file transfer using the
   FTP specification STD 9, RFC 959, "File Transfer Protocol (FTP)",
   (October 1985) [3] and RFC 2228, "FTP Security Extensions" (October
   1997) [1].  This method will use the Key Exchange Algorithm (KEA) to
   give mutual authentication and establish the data encryption keys.
   SKIPJACK is used to encrypt file data and the FTP command channel.

1.0 Introduction

   The File Transfer Protocol (FTP) provides no protocol security except
   for a user authentication password which is transmitted in the clear.
   In addition, the protocol does not protect the file transfer session
   beyond the original authentication phase.

   The Internet Engineering Task Force (IETF) Common Authentication
   Technology (CAT) Working Group has proposed security extensions to
   FTP.  These extensions allow the protocol to use more flexible
   security schemes, and in particular allow for various levels of
   protection for the FTP command and data connections.  This document
   describes a profile for the FTP Security Extensions by which these
   mechanisms may be provisioned using the Key Exchange Algorithm (KEA)
   in conjunction with the SKIPJACK symmetric encryption algorithm.






Housley, et al.               Experimental