Shepherd writeup

Nico Williams is the shepherd, Ben Kaduk is the responsible AD.

This document describes a new "pre-authentication" protocol for Kerberos
V5 [RFC4120], one that uses a zero-knowledge password proof for
authenticating a client principal to a Kerberos Authentication Server
(AS), part of the Kerberos key distribution center (KDC).  Besides
supporting the use of simple passwords, this method also supports second

Review and Consensus:
The KITTEN WG mailing list has had a number of threads on the topic of
Simple Password Authenticated Key Exchange (SPAKE) for Kerberos, and four
on this particular Internet-Draft.

Recent threads make it clear that this document is ready for
advancement.  Some participants have suggested additional features, but
there is consensus that these can be added as extensions to this
protocol in future updates (the protocol is extensible), or if need be
as a new protocol.

Intellectual Property:
There are no intellectual property disclosures against this document,
and all authors have confirmed compliance with BCPs 78 and 79.

This draft is targeting Proposed Standard status, and has a normative
down-reference to draft-irtf-cfrg-spake2-06, which draft is targeting
Informational status, and is not yet out of CFRG.