From 228524cb50c85f9228f9b4763b908cf28b1230d4 Mon Sep 17 00:00:00 2001 From: Nick Sayer Date: Mon, 14 Feb 2000 19:38:38 +0000 Subject: [PATCH] Add a blurb about SRA-enhanced telnet. Not-Approved-by: jkh (he said documentation didn't need it) --- release/texts/i386/RELNOTES.TXT | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/release/texts/i386/RELNOTES.TXT b/release/texts/i386/RELNOTES.TXT index 783260a915b..53138ddb8f7 100644 --- a/release/texts/i386/RELNOTES.TXT +++ b/release/texts/i386/RELNOTES.TXT @@ -172,6 +172,16 @@ OpenSSL v0.9.4 (a general-purpose cryptography and SSL2/3/TLSv1 toolkit) has been integrated with the base system. In the future this will be used to provide strong cryptography for FreeBSD utilities out-of-the-box. +Telnet has a new encrypted authentication mechanism called SRA. SRA +uses a Diffie-Hellmen exchange to establish a session key, then uses +that to DES encrypt the username and password. As a side effect the +session key is used to DES encrypt the session. SRA is vulnerable to +man-in-the-middle attacks, the DH parameters are on the small side, +and DES is showing its age, but the benefits are that it requires +absolutely no administrative changes to the machine to work, and is +at the very least a step up from plaintext. To use it, you need to +either use "telnet -ax" or set up a .telnetrc to enable it by default. + 1.3. USERLAND CHANGES ---------------------
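Review bot: "Diffie-Hellmen" in the second added line of the RELNOTES.TXT hunk is misspelled and should read "Diffie-Hellman". In the same paragraph, the three limitations (man-in-the-middle exposure, small DH parameters, DES) are joined by a comma splice and run straight into the benefits, so they are easy to skim past. Consider giving them their own sentence, for example "SRA is vulnerable to man-in-the-middle attacks, its DH parameters are on the small side, and DES is showing its age." and starting the benefits as a new sentence. The last sentence says a .telnetrc can enable SRA by default but does not show what to put in it. Either add the entry or point to the telnet manual page so the reader can act on the note.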