As per Relevance of the word password, we have this rfc below:

Network Working Group N.
Request for Comments: 1704 Bell Communications
Category: Informational R.
Naval Research
October 1994


On Internet

Status of this

This document provides information for the Internet community.
memo does not specify an Internet standard of any kind.
of this memo is unlimited

1.

The authentication requirements of computing systems and
protocols vary greatly with their intended use, accessibility,
their network connectivity. This document describes a spectrum
authentication technologies and provides suggestions to
developers on what kinds of authentication might be suitable for
kinds of protocols and applications used in the Internet. It
hoped that this document will provide useful information
interested members of the Internet community

Passwords, which are vulnerable to passive attack, are not
enough to be appropriate in the current Internet [CERT94]. Further
there is ample evidence that both passive and active attacks are
uncommon in the current Internet [Bellovin89, Bellovin92, Bellovin93,
CB94, Stoll90]. The authors of this paper believe that
protocols used in the Internet should have stronger
mechanisms so that they are at least protected from passive attacks
Support for authentication mechanisms secure against active attack
clearly desirable in internetworking protocols

There are a number of dimensions to the internetwork
problem and, in the interest of brevity and readability,
document only describes some of them. However, factors that
protocol designer should consider include whether authentication
between machines or between a human and a machine, whether
authentication is local only or distributed across a network
strength of the authentication mechanism, and how keys are managed








Haller & Atkinson [Page 1]

RFC 1704 On Internet Authentication October 1994


2. DEFINITION OF

This section briefly defines some of the terms used in this paper
aid the reader in understanding these suggestions. Other
on this subject might be using slightly different terms
definitions because the security community has not reached
consensus on all definitions. The definitions provided here
specifically focused on the matters discussed in this
document

Active Attack: An attempt to improperly modify data,
authentication, or gain authorization by inserting
packets into the data stream or by modifying
transiting the data stream. (See passive attacks and
attacks.)

Asymmetric Cryptography: An encryption system that uses
keys, for encryption and decryption. The two keys have
intrinsic mathematical relationship to each other.
called Public Key Cryptography. (See Symmetric Cryptography

Authentication: The verification of the identity of the source
information

Authorization: The granting of access rights based on
authenticated identity

Confidentiality: The protection of information so that someone
authorized to access the information cannot read
information even though the unauthorized person might see
information's container (e.g., computer file or
packet).

Encryption: A mechanism often used to provide confidentiality

Integrity: The protection of information from
modification

Key Certificate: A data structure consisting of a public key,
identity of the person, system, or role associated with
key, and information authenticating both the key and
association between that identity and that public key.
keys used by PEM are one example of a key
[Kent93].

Passive Attack: An attack on an authentication system that
no data into the stream, but instead relies on being able
passively monitor information being sent between
parties. This information could be used at a later time in
appears to be a valid session. (See active attack and
attack.)

Plain-text: Unencrypted text

Replay Attack: An attack on an authentication system by
and replaying previously sent valid messages (or parts
messages). Any constant authentication information, such as
password or electronically transmitted biometric data, can
recorded and used later to forge messages that appear to
authentic

Symmetric Cryptography: An encryption system that uses the same
for encryption and decryption. Sometimes referred to
Secret Key Cryptography

3. AUTHENTICATION

There are a number of different classes of authentication,
from no authentication to very strong authentication.
authentication mechanisms are appropriate for addressing
kinds of authentication problems, so this is not a
hierarchical ordering

3.1 No

For completeness, the simplest authentication system is not
have any. A non-networked PC in a private (secure) location is
example of where no authentication is acceptable. Another case
a stand-alone public workstation, such as "mail reading
workstations provided at some conferences, on which the data
not sensitive to disclosure or modification

3.2 Authentication Mechanisms Vulnerable to Passive

The simple password check is by far the most common form
authentication. Simple authentication checks come in many forms
the key may be a password memorized by the user, it may be
physical or electronic item possessed by the user, or it may be
unique biological feature. Simple authentication systems are
to be "disclosing" because if the key is transmitted over
network it is disclosed to eavesdroppers. There have
widespread reports of successful passive attacks in the
Internet using already compromised machines to engage in
attacks against additional machines [CERT94].
authentication mechanisms are vulnerable to replay attacks
Access keys may be stored on the target system, in which case
single breach in system security may gain access to all passwords
Alternatively, as on most systems, the data stored on the
can be enough to verify passwords but not to generate them

3.3 Authentication Mechanisms Vulnerable to Active

Non-disclosing password systems have been designed to
replay attacks. Several systems have been invented to
non-disclosing passwords. For example, the SecurID Card
Security Dynamics uses synchronized clocks for
information. The card generates a visual display and thus must
in the possession of the person seeking authentication. The S/
(TM) authentication system developed at Bellcore
multiple single use passwords from a single secret key [Haller94].
It does not use a physical token, so it is also suitable
machine-machine authentication. In addition there are challenge
response systems in which a device or computer program is used
generate a verifiable response from a non-repeating challenge
S/Key authentication does not require the storage of the user'
secret key, which is an advantage when dealing with
untrustworthy computing systems. In its current form, the S/
system is vulnerable to a dictionary attack on the secret
(pass phrase) which might have been poorly chosen. The Point-to
Point Protocol's CHAP challenge-response system is non-
but only useful locally [LS92, Simpson93]. These systems vary
the sensitivity of the information stored in the
host, and thus vary in the security requirements that must
placed on that host
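
The non-disclosing scheme described in this section, in which single use passwords are derived from one secret and the host stores only a verifier, is sketched below as an added example. It is not part of the memo and is not Bellcore's S/Key code: SHA-256 stands in for the hash S/Key uses, and the names (Host, chain, wordlist_hit) and sample values are constructed for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One step of the one-way function (SHA-256 here, an assumption)."""
    return hashlib.sha256(data).digest()


def chain(passphrase: bytes, seed: bytes, count: int) -> bytes:
    """Return h applied `count` times to seed||passphrase."""
    if count < 1:
        raise ValueError("count must be at least 1")
    value = seed + passphrase
    for _ in range(count):
        value = h(value)
    return value


class Host:
    """Host-side state: the last accepted value and a counter.

    The pass phrase is never stored, so reading this state does not
    directly yield a usable password.
    """

    def __init__(self, seed: bytes, top: bytes, count: int):
        self.seed = seed
        self.stored = top        # h^count(seed||passphrase)
        self.index = count - 1   # step the user must present next

    def challenge(self):
        """Seed and step number sent to the user; neither is secret."""
        return self.seed, self.index

    def verify(self, otp: bytes) -> bool:
        if self.index < 1:
            return False         # chain used up, user must re-enrol
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        # Accept, then move down the chain so this value cannot be reused.
        self.stored, self.index = otp, self.index - 1
        return True


def wordlist_hit(seed: bytes, index: int, otp: bytes, wordlist):
    """Audit helper: return the pass phrase if an observed (seed, index,
    otp) triple matches any wordlist entry, else None. This is the
    dictionary weakness the section mentions for poorly chosen secrets."""
    for guess in wordlist:
        if hmac.compare_digest(chain(guess, seed, index), otp):
            return guess
    return None


def demo():
    # Constructed sample values.
    seed, phrase, n = b"ke1234", b"correct horse battery staple", 100
    host = Host(seed, chain(phrase, seed, n), n)

    _, idx = host.challenge()
    otp = chain(phrase, seed, idx)
    first = host.verify(otp)      # genuine login
    replay = host.verify(otp)     # same value captured and resent

    _, idx = host.challenge()
    second = host.verify(chain(phrase, seed, idx))
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

The replayed value fails because the host has already moved one step down the chain; the wordlist helper shows why the strength of the pass phrase still matters even though it never crosses the network.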

3.4 Authentication Mechanisms Not Vulnerable to Active

The growing use of networked computing environments has led to
need for stronger authentication. In open networks, many
can gain access to any information flowing over the network,
with additional effort, a user can send information that
to come from another user

More powerful authentication systems make use of the
capability of the two authenticating parties. Authentication
be unidirectional, for example authenticating users to a
computer system, or it may be mutual in which case the
logging in is assured of the identity of the host.
authentication systems use cryptographic techniques and
(as a part of the authentication process) a shared secret (e.g.,
session key) that can be used for further exchanges. For example
a user, after completion of the authentication process, might
granted an authorization ticket that can be used to obtain
services without further authentication. These
systems might also provide confidentiality (using encryption)
insecure networks when required

4.

Cryptographic mechanisms are widely used to provide authentication
either with or without confidentiality, in computer networks
internetworks. There are two basic kinds of cryptography and
are described in this section. A fundamental and recurring
with cryptographic mechanisms is how to securely distribute keys
the communicating parties. Key distribution is addressed in
6 of this document

4.1 Symmetric

Symmetric Cryptography includes all systems that use the same
for encryption and decryption. Thus if anyone improperly
the key, they can both decrypt and read data encrypted using
key and also encrypt false data and make it appear to be valid
This means that knowledge of the key by an undesired third
fully compromises the confidentiality of the system. Therefore
the keys used need to be distributed securely, either by
or perhaps by use of a key distribution protocol, of which
best known is perhaps that proposed by Needham and
[NS78, NS87]. The widely used Data Encryption Standard (DES
algorithm, that has been standardized for use to
unclassified civilian US Government information, is perhaps
best known symmetric encryption algorithm [NBS77].

A well known system that addresses insecure open networks as
part of a computing environment is the Kerberos (TM
Authentication Service that was developed as part of
Athena at MIT [SNS88, BM91, KN93]. Kerberos is based on
Encryption Standard (DES) symmetric key encryption and uses
trusted (third party) host that knows the secret keys of all
and services, and thus can generate credentials that can be
by users and servers to prove their identities to other systems
As with any distributed authentication scheme, these
will be believed by any computer within the local
domain or realm. Hence, if a user's password is disclosed,
attacker would be able to masquerade as that user on any
which trusts Kerberos. As the Kerberos server knows all
keys, it must be physically secure. Kerberos session keys can
used to provide confidentiality between any entities that
the key server

4.2 Asymmetric

In the late 1970s, a major breakthrough in cryptology led to
availability of Asymmetric Cryptography. This is different
Symmetric Cryptography because different keys are used
encryption and decryption, which greatly simplifies the
distribution problem. The best known asymmetric system is
on work by Rivest, Shamir, and Adleman and is often referred to
"RSA" after the authors' initials [RSA78].

SPX is an experimental system that overcomes the limitations
the trusted key distribution center of Kerberos by using
Public Key Cryptography [TA91]. SPX assumes a global hierarchy
certifying authorities at least one of which is trusted by
party. It uses digital signatures that consist of a
encrypted in the private key of the signing entity and that
validated using the appropriate public key. The public keys
believed to be correct as they are obtained under the signature
the trusted certification authority. Critical parts of
authentication exchange are encrypted in the public keys of
receivers, thus preventing a replay attack

4.3 Cryptographic

Cryptographic checksums are one of the most useful near term
for protocol designers. A cryptographic checksum or
integrity checksum (MIC) provides data integrity
authentication but not non-repudiation. For example, Secure
and SNMPv2 both calculate a MD5 cryptographic checksum over
shared secret item of data and the information to be
[Rivest92, GM93]. This serves to authenticate the data origin
is believed to be very difficult to forge. It does
authenticate that the data being sent is itself valid, only
it was actually sent by the party that claims to have sent it
Cryptographic checksums can be used to provide relatively
authentication and are particularly useful in host-to-
communications. The main implementation difficulty
cryptographic checksums is key distribution
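
A keyed checksum of the kind this section describes, appended to each message and checked by the receiver, is sketched below as an added example that is not part of the memo. It uses HMAC-SHA-256 from the Python standard library in place of the keyed MD5 construction the memo mentions, and it adds a time stamp with a freshness window, an assumption drawn from the memo's later remark that time stamps can protect against replay. The message layout, names and sample values are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32    # bytes in an HMAC-SHA-256 tag
MAX_SKEW = 30   # seconds a message stays fresh (assumed policy)


def protect(key: bytes, payload: bytes, now: int) -> bytes:
    """Build timestamp || payload || tag, with the tag covering both."""
    body = struct.pack(">Q", now) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks origin (shared key), integrity, freshness and reuse."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}   # tag -> timestamp, kept only while still fresh

    def accept(self, message: bytes, now: int):
        """Return the payload if the message is authentic, fresh and
        not seen before; otherwise return None."""
        if len(message) < 8 + TAG_LEN:
            return None
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None   # wrong key or modified in transit
        (sent,) = struct.unpack(">Q", body[:8])
        if abs(now - sent) > MAX_SKEW:
            return None   # too old (or too far ahead) to trust
        # Forget tags that the freshness check alone would now reject.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if abs(now - ts) <= MAX_SKEW}
        if tag in self.seen:
            return None   # exact copy of a message already accepted
        self.seen[tag] = sent
        return body[8:]


def demo():
    # Constructed sample key, payload and clock values.
    key = b"shared-secret-between-two-hosts"
    rx = Receiver(key)
    msg = protect(key, b"set ifAdminStatus.2 = down", now=1000)

    genuine = rx.accept(msg, now=1002)
    replayed = rx.accept(msg, now=1005)
    tampered = rx.accept(msg[:10] + b"X" + msg[11:], now=1002)
    stale = Receiver(key).accept(msg, now=1000 + MAX_SKEW + 1)
    return genuine, replayed, tampered, stale


if __name__ == "__main__":
    print(demo())
```

The tag proves only that a holder of the shared key produced these bytes; as the section says, it does not show that the content is itself valid, and it gives no non-repudiation because both ends hold the same key.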

4.4 Digital

A digital signature is a cryptographic mechanism which is
electronic equivalent of a written signature. It serves
authenticate a piece of data as to the sender. A
signature using asymmetric cryptography (Public Key) can also
useful in proving that data originated with a party even if
party denies having sent it; this property is called non
repudiation. A digital signature provides authentication
confidentiality and without incurring some of the difficulties
full encryption. Digital signatures are being used with
certificates for Privacy Enhanced Mail [Linn93, Kent93,
Balenson93, Kaliski93].

5. USER TO HOST

There are a number of different approaches to authenticating users
remote or networked hosts. Two types of hazard are created by
or networked access: First an intruder can eavesdrop on the
and obtain user ids and passwords for a later replay attack. Even
form of existing passwords provides a potential intruder with a
start in guessing new ones

Currently, most systems use plain-text disclosing passwords sent
the network (typically using telnet or rlogin) from the user to
remote host [Anderson84, Kantor91]. This system does not
adequate protection from replay attacks where an eavesdropper
remote user ids and remote passwords

5.1 Protection Against Passive Attack Is

Failure to use at least a non-disclosing password system
that unlimited access is unintentionally granted to anyone
physical access to the network. For example, anyone with
access to the Ethernet cable can impersonate any user on
portion of the network. Thus, when one has plain-text
passwords on an Ethernet, the primary security system is the
at the door (if any exist). The same problem exists in other
technologies such as Token-Ring or FDDI. In some small
Local Area Networks (LANs) it may be acceptable to take this risk
but it is an unacceptable risk in an Internet [CERT94].

The minimal defense against passive attacks, such
eavesdropping, is to use a non-disclosing password system. Such
system can be run from a dumb terminal or a simple
program (e.g., Crosstalk or PROCOMM) that emulates a dumb
on a PC class computer. Using a stronger authentication
would certainly defend against passive attacks against
accessed systems, but at the cost of not being able to use
terminals. It is reasonable to expect that the vendors
communications programs and non user-programmable terminals (
as X-Terminals) would build in non-disclosing password or
authentication systems if they were standardized or if a
market were offered. One of the advantages of Kerberos is that
if used properly, the user's password never leaves the user'
workstation. Instead they are used to decrypt the user's
tickets, which are themselves encrypted information which are
over the network to application servers

5.2 Perimeter Defenses as Short Term

Perimeter defenses are becoming more common. In these systems
the user first authenticates to an entity on an
accessible portion of the network, possibly a "firewall" host
the Internet, using a non-disclosing password system. The
then uses a second system to authenticate to each host, or
of hosts, from which service is desired. This decouples
problem into two more easily handled situations

There are several disadvantages to the perimeter defense, so
should be thought of as a short term solution. The gateway is
transparent at the IP level, so it must treat every
independently. The use of double authentication is, in general
difficult or impossible for computer-computer communication.
to end protocols, which are common on the connectionless Internet
could easily break. The perimeter defense must be tight
complete, because if it is broken, the inner defenses tend to
too weak to stop a potential intruder. For example, if
passwords are used internally, these passwords can be learned
an external intruder (eavesdropping). If that intruder is able
penetrate the perimeter, the internal system is
exposed. Finally, a perimeter defense may be open to
by internal users looking for shortcuts

A frequent form of perimeter defense is the application relay.
these relays are protocol specific, the IP connectivity of
hosts inside the perimeter with the outside world is broken
part of the power of the Internet is lost

An administrative advantage of the perimeter defense is that
number of machines that are on the perimeter and thus
to attack is small. These machines may be carefully checked
security hazards, but it is difficult (or impossible) to
that the perimeter is leak-proof. The security of a
defense is complicated as the gateway machines must pass
types of traffic such as electronic mail. Other network
such as the Network Time Protocol (NTP) and the File
Protocol (FTP) may also be desirable [Mills92, PR85, Bishop].
Furthermore, the perimeter gateway system must be able to
without bottleneck the entire traffic load for its
domain

5.3 Protection Against Active Attacks Highly

In the foreseeable future, the use of stronger techniques will
required to protect against active attacks. Many
networks based on broadcast technology such as Ethernet
need such techniques. To defend against an active attack, or
provide privacy, it is necessary to use a protocol with
encryption, for example Kerberos, or use an
mechanism that protects against replay attacks, perhaps using
stamps. In Kerberos, users obtain credentials from the
server and use them for authentication to obtain services
other computers on the network. The computing power of the
workstation can be used to decrypt credentials (using a
derived from the user-provided password) and store them
needed. If the security protocol relies on synchronized clocks
then NTPv3 might be useful because it distributes time amongst
large number of computers and is one of the few existing
protocols that includes authentication mechanisms [Bishop
Mills92].

Another approach to remotely accessible networks of computers
for all externally accessible machines to share a secret with
Kerberos KDC. In a sense, this makes these machines "servers
instead of general use workstations. This shared secret can
be used to encrypt all communication between the two
enabling the accessible workstation to relay
information to the KDC in a secure way

Finally, workstations that are remotely accessible could
asymmetric cryptographic technology to encrypt communications
The workstation's public key would be published and well known
all clients. A user could use the public key to encrypt a
password and the remote system can decrypt the password
authenticate the user without risking disclosure of the
while it is in transit. A limitation of this workstation-
security is that it does not authenticate individual users
individual workstations. In some environments for example
government multi-level secure or compartmented mode workstations
user to user authentication and confidentiality is also needed

6. KEY DISTRIBUTION &

The discussion thus far has periodically mentioned keys, either
encryption or for authentication (e.g., as input to a
signature function). Key management is perhaps the hardest
faced when seeking to provide authentication in large internetworks
Hence this section provides a very brief overview of key
technology that might be used

The Needham & Schroeder protocol, which is used by Kerberos,
on a central key server. In a large internetwork, there would
to be significant numbers of these key servers, at least one
server per administrative domain. There would also need to
mechanisms for separately administered key servers to cooperate
generating a session key for parties in different
domains. These are not impossible problems, but this
clearly involves significant infrastructure changes

Most public-key encryption algorithms are computationally
and so are not ideal for encrypting packets in a network. However
the asymmetric property makes them very useful for setup and
of symmetric session keys. In practice, the commercial
probably uses asymmetric algorithms primarily for digital
and key exchange, but not for bulk data encryption. Both RSA and
Diffie-Hellman techniques can be used for this [DH76]. One
of using asymmetric techniques is that the central key server can
eliminated. The difference in key management techniques is
the primary difference between Kerberos and SPX. Privacy
Mail has trusted key authorities use digital signatures to sign
authenticate the public keys of users [Kent93]. The result of
operation is a key certificate which contains the public key of
party and authentication that the public key in fact belongs to
party. Key certificates can be distributed in many ways. One way
distribute key certificates might be to add them to
directory services, for example by extending the existing Domain
System to hold each host's key certificate in a new record type

For multicast sessions, key management is harder because the
of exchanges required by the widely used techniques is
to the number of participating parties. Thus there is a
scaling problem with current published multicast key
techniques

Finally, key management mechanisms described in the public
have a long history of subtle flaws. There is ample evidence
this, even for well-known techniques such as the Needham &
protocol [NS78, NS87]. In some cases, subtle flaws have only
known after formal methods techniques were used in an attempt
verify the protocol. Hence, it is highly desirable that
management mechanisms be kept separate from authentication
encryption mechanisms as much as is possible. For example, it
probably better to have a key management protocol that is
from and does not depend upon another security protocol

7. AUTHENTICATION OF NETWORK

In addition to needing to authenticate users and hosts to each other
many network services need or could benefit from authentication
This section describes some approaches to authentication in
that are primarily host to host in orientation. As in the user
host authentication case, there are several techniques that might
considered

The most common case at present is to not have any
support in the protocol. Bellovin and others have documented
number of cases where existing protocols can be used to attack
remote machine because there is no authentication in the
[Bellovin89].

Some protocols provide for disclosing passwords to be passed
with the protocol information. The original SNMP protocols used
method and a number of the routing protocols continue to use
method [Moy91, LR91, CFSD88]. This method is useful as
transitional aid to slightly increase security and might
appropriate when there is little risk in having a completely
protocol

There are many protocols that need to support stronger
mechanisms. For example, there was widespread concern that
needed stronger authentication than it originally had. This led
the publication of the Secure SNMP protocols which support
authentication, using a digital signature mechanism, and
confidentiality, using DES encryption. The digital signatures
in Secure SNMP are based on appending a cryptographic checksum to
SNMP information. The cryptographic checksum is computed using
MD5 algorithm and a secret shared between the communicating
so is believed to be difficult to forge or invert

Digital signature technology has evolved in recent years and
be considered for applications requiring authentication but
confidentiality. Digital signatures may use a single secret
among two or more communicating parties or it might be based
asymmetric encryption technology. The former case would require
use of predetermined keys or the use of a secure key
protocol, such as that devised by Needham and Schroeder. In
latter case, the public keys would need to be distributed in
authenticated manner. If a general key distribution mechanism
available, support for optional digital signatures could be added
most protocols with little additional expense. Each protocol
address the key exchange and setup problem, but that might
adding support for digital signatures more complicated
effectively discourage protocol designers from adding
signature support

For cases where both authentication and confidentiality are
on a host-to-host basis, session encryption could be employed
symmetric cryptography, asymmetric cryptography, or a combination
both. Use of the asymmetric cryptography simplifies key management
Each host would encrypt the information while in transit
hosts and the existing operating system mechanisms would
protection within each host

In some cases, possibly including electronic mail, it might
desirable to provide the security properties within the
itself in a manner that was truly user-to-user rather than
host-to-host. The Privacy Enhanced Mail (PEM) work is employing
approach [Linn93, Kent93, Balenson93, Kaliski93]. The recent
work on Common Authentication Technology might make it easier
implement a secure distributed or networked application through
of standard security programming interfaces [Linn93a].

8. FUTURE

Systems are moving towards the cryptographically
authentication mechanisms described earlier. This move has
implications for future systems. We can expect to see
introduction of non-disclosing authentication systems in the
term and eventually see more widespread use of public key crypto
systems. Session authentication, integrity, and privacy issues
growing in importance. As computer-to-computer communication
more important, protocols that provide simple human interfaces
become less important. This is not to say that human interfaces
unimportant; they are very important. It means that these
are the responsibility of the applications, not the
protocol. Human interface design is beyond the scope of this memo

The use of public key crypto-systems for user-to-host
simplifies many security issues, but unlike simple passwords,
public key cannot be memorized. As of this writing, public key
of at least 500 bits are commonly used in the commercial world.
is likely that larger key sizes will be used in the future. Thus
users might have to carry their private keys in some
readable form. The use of read-only storage, such as a floppy
or a magnetic stripe card provides such storage, but it might
the user to trust their private keys to the reading device. Use of
smart card, a portable device containing both storage and
might be preferable. These devices have the potential to perform
authenticating operations without divulging the private key
contain. They can also interact with the user requiring a
form of authentication to "unlock" the card

The use of public key crypto-systems for host-to-host
appears not to have the same key memorization problem as the user
to-host case does. A multiuser host can store its key(s) in
protected from users and obviate that problem. Single
inherently insecure systems, such as PCs and Macintoshes,
difficult to handle but the smart card approach should also work
them

If one considers existing symmetric algorithms to be 1-
techniques, and existing asymmetric algorithms such as RSA to be 2-
key techniques, one might wonder whether N-key techniques will
developed in the future (i.e., for values of N larger than 2).
such N-key technology existed, it might be useful in
scalable multicast key distribution protocols. There is
currently underway examining the possible use of the Core Based
(CBT) multicast routing technology to provide scalable multicast
distribution [BFC93].

The implications of this taxonomy are clear. Strong
authentication is needed in the near future for many protocols
Public key technology should be used when it is practical and cost
effective. In the short term, authentication mechanisms
to passive attack should be phased out in favour of
authentication mechanisms. Additional research is needed to
improved key management technology and scalable multicast
mechanisms

SECURITY

This entire memo discusses Security Considerations in that
discusses authentication technologies and needs



This memo has benefited from review by and suggestions from
IETF's Common Authentication Technology (CAT) working group,
by John Linn, and from Marcus J. Ranum



[Anderson84] Anderson, B., "TACACS User Identification
Option", RFC 927, BBN, December 1984.

[Balenson93] Balenson, D., "Privacy Enhancement for
Electronic Mail: Part III: Algorithms, Modes, and Identifiers",
1423, TIS, IAB IRTF PSRG, IETF PEM WG, February 1993.

[BFC93] Ballardie, A., Francis, P., and J. Crowcroft, "Core
Trees (CBT) An Architecture for Scalable Inter-Domain
Routing", Proceedings of ACM SIGCOMM93, ACM, San Francisco, CA
September 1993, pp. 85-95.

[Bellovin89] Bellovin, S., "Security Problems in the TCP/IP
Suite", ACM Computer Communications Review, Vol. 19, No. 2,
1989.

[Bellovin92] Bellovin, S., "There Be Dragons", Proceedings of
3rd Usenix UNIX Security Symposium, Baltimore, MD, September 1992.

[Bellovin93] Bellovin, S., "Packets Found on an Internet",
Computer Communications Review, Vol. 23, No. 3, July 1993, pp. 26-31.

[BM91] Bellovin S., and M. Merritt, "Limitations of the
Authentication System", ACM Computer Communications Review,
1990.

[Bishop] Bishop, M., "A Security Analysis of Version 2 of
Network Time Protocol NTP: A report to the Privacy &
Research Group", Technical Report PCS-TR91-154, Department
Mathematics & Computer Science, Dartmouth College, Hanover,
Hampshire

[CB94] Cheswick W., and S. Bellovin, "Chapter 10: An Evening
Berferd", Firewalls & Internet Security, Addison-Wesley, Reading
Massachusetts, 1994. ISBN 0-201-63357-4.

[CERT94] Computer Emergency Response Team, "Ongoing
Monitoring Attacks", CERT Advisory CA-94:01, available by
ftp from cert.sei.cmu.edu, 3 February 1994.

[CFSD88] Case, J., Fedor, M., Schoffstall, M., and J. Davin
"Simple Network Management Protocol", RFC 1067, University
Tennessee at Knoxville, NYSERNet, Inc., Rensselaer
Institute, Proteon, Inc., August 1988.

[DH76] Diffie W., and M. Hellman, "New Directions in Cryptography",
IEEE Transactions on Information Theory, Volume IT-11, November 1976,
pp. 644-654.

[GM93] Galvin, J., and K. McCloghrie, "Security Protocols
Version 2 of the Simple Network Management Protocol (SNMPv2)",
1446, Trusted Information Systems, Hughes LAN Systems, April 1993.

[Haller94] Haller, N., "The S/Key One-time Password System",
Proceedings of the Symposium on Network & Distributed
Security, Internet Society, San Diego, CA, February 1994.

[Kaufman93] Kaufman, C., "Distributed Authentication
Service (DASS)", RFC 1507, Digital Equipment Corporation,
1993.

[Kaliski93] Kaliski, B., "Privacy Enhancement for
Electronic Mail: Part IV: Key Certification and Related Services",
RFC 1424, RSA Laboratories, February 1993.

[Kantor91] Kantor, B., "BSD Rlogin", RFC 1258, Univ. of Calif
Diego, September 1991.

[Kent93] Kent, S., "Privacy Enhancement for Internet
Mail: Part II: Certificate-Based Key Management", RFC 1422, BBN,
IRTF PSRG, IETF PEM, February 1993.

[KN93] Kohl, J., and C. Neuman, "The Kerberos Network
Service (V5)", RFC 1510, Digital Equipment Corporation
USC/Information Sciences Institute, September 1993.

[Linn93] Linn, J., "Privacy Enhancement for Internet
Mail: Part I: Message Encryption and Authentication Procedures",
1421, IAB IRTF PSRG, IETF PEM WG, February 1993.

[Linn93a] Linn, J., "Common Authentication Technology Overview",
1511, Geer Zolot Associate, September 1993.

[LS92] Lloyd B., and W. Simpson, "PPP Authentication Protocols",
1334, L&A, Daydreamer, October 1992.

[LR91] Lougheed K., and Y. Rekhter, "A Border Gateway protocol 3
(BGP-3)", RFC 1267, cisco Systems, T.J. Watson Research Center,
Corp., October 1991.

[Mills92] Mills, D., "Network Time Protocol (Version 3) -
Specification, Implementation, and Analysis", RFC 1305, UDEL,
1992.

[NBS77] National Bureau of Standards, "Data Encryption Standard",
Federal Information Processing Standards Publication 46,
Printing Office, Washington, DC, 1977.

[NS78] Needham, R., and M. Schroeder, "Using Encryption
Authentication in Large Networks of Computers", Communications of
ACM, Vol. 21, No. 12, December 1978.

[NS87] Needham, R., and M. Schroeder, "Authentication Revisited",
ACM Operating Systems Review, Vol. 21, No. 1, 1987.

[PR85] Postel J., and J. Reynolds, "File Transfer Protocol", STD 9,
RFC 959, USC/Information Sciences Institute, October 1985.

[Moy91] Moy, J., "OSPF Routing Protocol, Version 2", RFC 1247,
Proteon, Inc., July 1991.

[RSA78] Rivest, R., Shamir, A., and L. Adleman, "A Method
Obtaining Digital Signatures and Public Key Crypto-systems",
Communications of the ACM, Vol. 21, No. 2, February 1978.

[Rivest92] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
MIT Laboratory for Computer Science and RSA Data Security, Inc.,
April 1992.

[Simpson93] Simpson, W., "The Point to Point Protocol", RFC 1548,
Daydreamer, December 1993.

[SNS88] Steiner, J., Neuman, C., and J. Schiller, "Kerberos:
Authentication Service for Open Network Systems", USENIX
Proceedings, Dallas, Texas, February 1988.

[Stoll90] Stoll, C., "The Cuckoo's Egg: Tracking a Spy Through
Maze of Computer Espionage", Pocket Books, New York, NY, 1990.

[TA91] Tardo J., and K. Alagappan, "SPX: Global Authentication
Public Key Certificates", Proceedings of the 1991 Symposium
Research in Security & Privacy, IEEE Computer Society, Los Alamitos
California, 1991. pp.232-244.

AUTHORS'

Neil
Bell Communications
445 South Street -- MRE 2Q-280
Morristown, NJ 07962-1910

Phone: (201) 829-4478
EMail: nmh@thumper.bellcore.


Randall
Information Technology
Naval Research
Washington, DC 20375-5320

Phone: (DSN) 354-8590
EMail: atkinson@itd.nrl.navy.