CURRENT_MEETING_REPORT_ Reported by Steve Alexander/Lachman Technology Minutes of the TELNET Working Group (TELNET) Agenda o Any feedback on the ``Telnet Environment Option'' Internet-Draft Last Call. o Discussion of merged authentication/encryption options, ``Telnet Authentication and Encryption Option'' Internet-Draft, with emphasis on a plan to get the document finished. o Any other business. Steve Alexander presented the agenda and asked if there were other items that needed to be discussed. Marjo Mercado asked about the charter, so a brief discussion was held. Steve stated that the charter was no longer open-ended, and that the group would conclude when the environment and authentication documents were done. If other issues arise the charter will have to be amended. There was general agreement on this point. Since a Last Call has been issued for the ``Telnet Environment Option,'' Steve asked for any feedback. Marjo pointed out a minor grammatical error which will need to be corrected during the RFC editing process. Steve urged everyone to review the document if they hadn't already. The bulk of the meeting was devoted to authentication. Dave Borman is currently implementing the merged authentication/encryption options. The group discussed whether it is okay to abandon the output mode DES---this seemed acceptable to all present. Ted Ts'o raised the concern about active attackers forcing the use of a weaker encryption mechanism. There was brief discussion on this point and Ted agreed to write up his view of how this could be avoided. John Linn expressed concern about getting a Kerberos V authentication document out ahead of the merged mechanism. The group agreed that the current V5 Draft, ``Telnet Authentication: Kerberos Version 5'' could be issued as an Experimental RFC. Steve will send the current draft to Ted for review. Dave Borman mentioned that he would like to release his current telnet reference sources in the near-term, but is concerned about the encryption code. Ted suggested that perhaps MIT could be a distribution point, since they have a similar problem with the Kerberos distribution. Sam Sjogren raised the issue of interoperability testing. The group was receptive, and might try to schedule an event prior to the Seattle meeting. This would most likely be a virtual event held between cooperating parties via the Internet. There was some discussion of whether this would be appropriate to have at an IETF meeting, but no conclusion was reached. Action Items Dave Borman Will finish implementation of the merged authentication/encryption options. Ted Ts'o Will write up a discussion of how he would like to see the encryption type negotiation covered by a checksum to prevent active attackers from forcing a weak encryption method to be negotiated. Steve Alexander Will fine-tune the Kerberos V draft and send it to Ted for review with the goal of issuing it as an Experimental RFC. Steve/Dave Will drive the document editing process so that work on merging the encryption text into the Kerberos documents will be complete by Seattle. Attendees Steve Alexander stevea@lachman.com David Borman dab@cray.com Peter Cameron cameron@xylint.co.uk Jonathan Didner jonb@bangate.compaq.com John Linn linn@security.ov.com Marjo Mercado marjo@cup.hp.com Clifford Neuman bcn@isi.edu Jon Penner jjp@bscs.uucp Vladimir Sukonnik sukonnik@process.com Theodore Ts'o tytso@mit.edu Raymond Vega rvega@cicese.mx