Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility
draft-ietf-kitten-pkinit-alg-agility-08

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, kitten-chairs@ietf.org, Robbie Harwood <rharwood@redhat.com>, rharwood@redhat.com, kitten@ietf.org, kaduk@mit.edu, draft-ietf-kitten-pkinit-alg-agility@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'PKINIT Algorithm Agility' to Proposed Standard (draft-ietf-kitten-pkinit-alg-agility-08.txt)

The IESG has approved the following document:
- 'PKINIT Algorithm Agility'
  (draft-ietf-kitten-pkinit-alg-agility-08.txt) as Proposed Standard

This document is the product of the Common Authentication Technology Next
Generation Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-alg-agility/


Technical Summary

    This document specifies an updated Public Key Cryptography for Initial
    Authentication in Kerberos (PKINIT, RFC 4556) which is not dependent on
    SHA-1.  In particular, it describes negotiation for Key Derivation
    Functions, and includes test vectors for these schemes.

    This is a Standards Track document since its core goal is to update
    PKINIT, which is a standard part of Kerberos implementations.
    Accordingly, it updates RFC 4556 (PKINIT), which is Standards Track.

Working Group Summary

    This document has been around for quite a long time, originally part of
    krb-wg before being taken up by kitten in the re-charter.  Implementations
    have existed in both MIT krb5 and Heimdal since 2011 and 2008,
    respectively.  Most shaping review happened under krb-wg, but those
    contributors are also participants in kitten.

    This document received review and/or implementation from a significant
    number of working group contributors.  In an ideal world it would have
    been published much sooner, but it has been repeatedly deprioritized in
    favor of other work.

Document Quality

    There are two independent implementations that interoperate and validate
    the test vectors.

Personnel

    Robbie Harwood is the document shepherd.  Benjamin Kaduk is the
    responsible Area Director.