Next: The test implementation Up: Integrity option Previous: Command meanings and usage

Implementation rules

WILL and DO are used only at the beginning of the connection to obtain and grant permissions for future negotiations. If integrity checks are needed in both directions, then the INTEGRITY option must be negotiated in both directions.

Once the two hosts have exchanged a WILL and a DO, the sender of the DO INTEGRITY must send an INTEGRITY SUPPORT command to let the remote side know what types of integrity information it is willing to accept. In the request, a list of supported integrity schemes is sent. Only the sender of the DO may send a list of supported integrity types (IAC SB INTEGRITY SUPPORT encryption-type-list IAC SE). Only the sender of the WILL may actually transmit the integrity information command. This is initiated via the "IAC SB INTEGRITY START encryption-type IAC SE" command, and terminated via the "IAC SB INTEGRITY END IAC SE" command. If a START is received, and then a second START is received before an END, the second START is assumed to terminate the first START command and then either begin a new method or restart the current method of sending integrity information. This is analogous to the START command in the encryption option. The integrity option is also vulnerable to a replay attack in this situation.

If the sender of the DO would like the remote side to begin sending integrity information, it can send the "IAC SB INTEGRITY REQUEST-START integrity-type IAC SE" command. The "integrity-type" may contain a specific type of integrity information that is requested, or it may contain ANY if no specific type of integrity information is preferred. If the sender of the DO would like the remote side to stop sending integrity information, it can send the "IAC SB INTEGRITY REQUEST-STOP IAC SE" command.

If the receiver of the SUPPORT command does not support any of the integrity types listed in the SUPPORT command, it should send an IAC WONT INTEGRITY command to turn off the INTEGRITY option.

If the receiver of a REQUEST-START receives an integrity type that is not supported, it may choose to use any other type of integrity that was received in the initial SUPPORT command.

The integrity types in the SUPPORT command should be ordered to indicate a preference for the different integrity types, the first type being the most preferred, and the last type the least preferred.
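
The negotiation rules above, as an added example that is not code from this document or its test implementation: both ends of the SUPPORT / REQUEST-START / START / END exchange, including the fallback for an unsupported type and the second-START case. Commands are modelled as symbolic tuples because the text gives no byte codes; the class names and the type names used with them (such as TYPE-A) are constructed, and rejecting a START for an unadvertised type is an assumption.

```python
ANY = "ANY"  # wildcard integrity-type from the REQUEST-START description

class WillSide:
    """Sender of WILL INTEGRITY: the only side allowed to send START/END."""
    def __init__(self, implemented):
        self.implemented = set(implemented)
        self.usable = []      # peer's SUPPORT list filtered to what we implement
        self.active = None    # type named in our last START, None after END

    def on_support(self, type_list):
        # Preserve the peer's order: first entry is its most preferred type.
        self.usable = [t for t in type_list if t in self.implemented]
        return [] if self.usable else [("WONT", "INTEGRITY")]

    def on_request_start(self, requested):
        if not self.usable:
            return []         # no type in common, nothing to start
        # ANY or an unsupported type: fall back to the peer's best usable type
        # (one permitted choice; the text allows any type from SUPPORT).
        chosen = requested if requested in self.usable else self.usable[0]
        self.active = chosen
        return [("SB", "INTEGRITY", "START", chosen)]

    def on_request_stop(self):
        if self.active is None:
            return []
        self.active = None
        return [("SB", "INTEGRITY", "END")]

class DoSide:
    """Sender of DO INTEGRITY: advertises SUPPORT and tracks START/END."""
    def __init__(self, preferred):
        self.preferred = list(preferred)     # most preferred type first
        self.active = None
        self.implicit_restarts = 0   # STARTs that arrived with no END in between

    def support(self):
        return ("SB", "INTEGRITY", "SUPPORT", tuple(self.preferred))

    def on_start(self, itype):
        if itype not in self.preferred:      # assumption: reject unadvertised types
            raise ValueError("START names a type that was never in SUPPORT")
        if self.active is not None:          # second START ends the first one
            self.implicit_restarts += 1      # the case the text flags for replay
        self.active = itype

    def on_end(self):
        self.active = None
```

Counting implicit restarts on the DO side gives the receiver something to log when a START arrives without a preceding END, which is the situation the text identifies as open to replay.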

Design goal number 5 implies that the sender must always append an INTEGRITY sub-option sequence to a block of data before it is displayed on the screen or handled by the server application. There is no way for the NVT to know when the Keyboard Unit has sent all its data. By using a timer to trigger the insertion of the INTEGRITY_INFO, one eliminates the problem of having to wait for the integrity information sequence before the received data can be integrity checked. If the client Telnet is operated by a person, the timeout of the timer could, for example, be set to one tenth of a second. The client program can then buffer incoming data until an INTEGRITY_INFO sequence arrives, check the integrity and display the data (or an error message if the integrity check fails).



Asgaut Eng
Wed Apr 10 14:07:30 MET DST 1996