Kerberos SPAKE Pre-Authentication
draft-ietf-kitten-krb-spake-preauth-13

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Nicolas Williams <nico@cryptonector.com>, The IESG <iesg@ietf.org>, draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten-chairs@ietf.org, kitten@ietf.org, nico@cryptonector.com, paul.wouters@aiven.io, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Kerberos SPAKE Pre-Authentication' to Proposed Standard (draft-ietf-kitten-krb-spake-preauth-13.txt)

The IESG has approved the following document:
- 'Kerberos SPAKE Pre-Authentication'
  (draft-ietf-kitten-krb-spake-preauth-13.txt) as Proposed Standard

This document is the product of the Common Authentication Technology Next
Generation Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/


Ballot Text

Technical Summary

This document describes a new "pre-authentication" protocol for Kerberos
V5 [RFC4120], one that uses a zero-knowledge password proof for
authenticating a client principal to a Kerberos Authentication Server
(AS), part of the Kerberos key distribution center (KDC).  Besides
supporting the use of simple passwords, this method also supports second
factors.

Working Group Summary

The KITTEN WG mailing list has had a number of threads on the topic of
Simple Password Authenticated Key Exchange (SPAKE) for Kerberos, and four
on this particular Internet-Draft.

It was clear that this document is ready for advancement. Some participants
have suggested additional features, but there is consensus that these can be
added as extensions to this protocol in future updates (the protocol is extensible),
or if need be as a new protocol.

Document Quality

Note that this document implements/overlaps largely with what is now RFC 9382, but
the WG decided to strip mention of it and rely on the original paper directly, since
the path of that document had diverged somewhat from what was needed for this one.

Personnel

   Document Shepherd: Nico Williams
   Responsible AD was Ben Kaduk (now a chair of kitten) and is now Paul Wouters.

RFC Editor Note