RFC 2773 (rfc2773) - Page 3 of 9
Encryption using KEA and SKIPJACK
RFC 2773 Encryption using KEA and SKIPJACK February 2000
same protections as those afforded the other FTP commands. PROT
commands may be sent on a transfer-by-transfer basis; however, the
session parameters may not be changed within a session.
2.0 Key Exchange Algorithm (KEA) Profile
This paper profiles KEA with SKIPJACK to achieve certain security
services when used in conjunction with the FTP Security Extensions
framework. FTP entities may use KEA to provide mutual authentication
and to establish data encryption keys. We specify a simple token format
and a set of exchanges to deliver these services. These functions may
be performed by the Fortezza Crypto Card.
The reader should be familiar with the extensions in order to
understand the protocol steps that follow. In the context of the FTP
Security Extensions, we suggest the usage of KEA with SKIPJACK for
authentication, integrity, and confidentiality.
A client may mutually authenticate with a server. What follows are
the protocol steps necessary to perform KEA authentication under the
FTP Security Extensions framework. Where failure modes are
encountered, the return codes follow those specified in the
Extensions. They are not enumerated in this document as they are
invariant among the mechanisms used. The certificates are ASN.1
encoded.
The exchanges detailed below presume a working knowledge of the FTP
Security Extensions. The notation for concatenation is " || ".
Decryption of encrypted data and certification path validation are
implicitly assumed, but are not shown.
---------------------------------------------------------------------
Client Server
AUTH KEA-SKIPJACK -->