CURRENT_MEETING_REPORT_ Reported by Dave Borman/Cray Research, Inc. MINUTES The TELNET working group meeting got off to a slow start, but gained momentum as the meeting went on. The following are the highlights from the meeting, in the order which they were discussed. Assigned Numbers: Joyce Reynolds brought up that a new assigned numbers document will be issued in six to eight weeks. This document contains a list of all the TELNET options, and their current status. This list needs to be updated. ACTION: Dave Borman will send out the proposed list for comments, update the list as necessary, and forward it to Joyce. Dan Bernsteins Q Method of Option loop avoidance: Joyce also said that she and Jon Postel have decided to publish Dan Bernsteins Q method of option negotiation loop avoidance. Since the TELNET working group does not agree with all the technical points of this method, the working group needs to decide if it wants to issue a discussion RFC commenting on the Q method, or whether the group want to just ignore the issue for now, waiting for the revised TELNET spec to comment/clarify about option negotiation loop avoidance. No decision was made. Re-Issuing the TELNET RFC: It was decided that the TELNET RFC will need to be updated and re-issued. The reason for this decision was that there are several areas that need to be addressed, among them are: 8 bit NVT support, option negotiation loop avoidance, and DO/WONT vs DO/WONT/DONT option negotiation. The status section will also need to be redone to conform to the current standards for the status section. Review of proposed options: DONT-TELNET option: Since Bill Westfield, the author, was not in attendance, the discussion was tabled until the next meeting. ENVIRONMENT option: The option, with revisions agreed upon at the last meeting, was discussed. It was decided that an INFO command, identical to the IS command, was needed. The IS is only sent in response to a SEND command, 1 and an INOF can be sent spontaneously to indicate changes. The INFO is not to be use to indicate initial state; that is what the SEND/IS is for. ACTION: Dave Borman will write up a new draft for review. It is hoped that by the next meeting it will be ready for RFC submission. COMPRESSION option: This option was reviewed in light of the comments from the mailing list. It was decided that: 1) this is a non-trivial option to define. 2) No one in attendance had a burning desire to have this option. Therefor, it was decided that this option will be put at the bottom of the list of things to do, unless someone else is willing to become a champion for this option. AUTHENTICATION/ENCRYPTION options: Midway through the meeting, Steve Crocker joined the group. Steve is the Security Area Director for the IETF. Since most of the people at the meeting were not security type people, and Steve is not a TELNET person, we spent some time telling Steve about what we were doing, and he spent some time telling us about security things. Steve brought up some good points. Since we are not doing any key passing through TELNET, we could just as well do the decision about what type of encryption/authentication is being used out-of-band from TELNET. Then, these options just become a way to turn the stuff on/off, and not a negotiation about what form of encryption/authentication is to be used. One fear that Steve brought up is that without having people who know about security designing/reviewing the options, there is a good chance that what is designed will not be useful. He also brought up that the privacy enhanced mail group has been thinking about ftp as its next step. Could their work be applied to TELNET also? Should our work be applied to FTP? From the discussion, it was decided that to really be able to hammer out the solutions, we needed to get the security people and the TELNET people together. Several action items came out of this: ACTION: Steve Crocker will be scheduling a joint security/TELNET meeting at the next IETF. This meeting will probably also be talking about FTP. ACTION: Dave Borman will write up a short paper describing the motivation behind wanting the AUTHENTICATION and ENCRYPTION options. This would be something that the security people could look over before the next IETF meeting to help them understand why the TELNET working group is addressing these issues, and what the desired goal is. (Our goal is to avoid having clear-text passwords being sent over the Internet, and to obsolete rlogin.) 2 ATTENDEES Dave Borman dab@cray.com Steve Crocker crocker@tis.com Louis A. Mamakos louie@trantor.umd.edu Greg Minshall minshall@kinetics.com Joyce Reynolds jkrey@isi.edu Keith Sklower sklower@okeeffe.Berkeley.Edu Allen Sturtevant sturtevant@ccc.nmfecc.gov 3