Add a blurb about SRA-enhanced telnet.

Not-Approved-by: jkh (he said documentation didn't need it)

1 files changed, 10 insertions, 0 deletions

diff --git a/release/texts/i386/RELNOTES.TXT b/release/texts/i386/RELNOTES.TXT
index 783260a..53138dd 100644
--- a/release/texts/i386/RELNOTES.TXT
+++ b/release/texts/i386/RELNOTES.TXT
@@ -172,6 +172,16 @@ OpenSSL v0.9.4 (a general-purpose cryptography and SSL2/3/TLSv1 toolkit)
 has been integrated with the base system. In the future this will be used
 to provide strong cryptography for FreeBSD utilities out-of-the-box.
 
+Telnet has a new encrypted authentication mechanism called SRA. SRA
+uses a Diffie-Hellmen exchange to establish a session key, then uses
+that to DES encrypt the username and password. As a side effect the
+session key is used to DES encrypt the session. SRA is vulnerable to
+man-in-the-middle attacks, the DH parameters are on the small side,
+and DES is showing its age, but the benefits are that it requires
+absolutely no administrative changes to the machine to work, and is
+at the very least a step up from plaintext. To use it, you need to
+either use "telnet -ax" or set up a .telnetrc to enable it by default.
+
 1.3. USERLAND CHANGES
 ---------------------