Shepherd writeup

1. Summary

Benjamin Kaduk is the document shepherd.  Stephen Farrell is the
responsible Area Director.

This document is necessary because implementors of RFC 4402 erred
when implementing the PRF+ construct, starting the counter variable
at zero instead of one.  The error was present in multiple releases
of a shipping implementation when a second implementor discovered
the error in interoperability testing; that second implementor also
started the counter variable at zero for compatibility.  This document
serves to update RFC 4402 and reflect the implementation reality
that is deployed and functioning interoperably.  It is being published
as a Standards Track document to match RFC 4402, which it replaces,
as is consistent with most work on Kerberos in the IETF.

2. Review and Consensus

There is strong consensus for this document, which differs from
RFC 4402 only in the change of the initial value of the counter variable
and the removal of an unneeded and confusing paragraph from the
security considerations section.  It also adds test vectors, which
have been verified by two implementations (MIT and Heimdal Kerberos).
The WGLC period was part of a combined WGLC for three "bis" documents,
over a period of four weeks.  Most of the prominent WG contributors
reviewed the document, and no substantive issues were found (though
a couple of regressions from RFC 4402 were noted and fixed).

3. Intellectual Property

There are no intellectual property disclosures against this document,
and both authors have confirmed conformance with BCPs 78 and 79.

4. Other Points

There are no downrefs and no IANA considerations (since there is no
IANA registry for the GSS-API namespace or error codes specified
in the document).  The document is a little old (some 200-odd days,
as noted by idnits), because the shepherd was preoccupied with
changing residences and employment.

There is one erratum against RFC 4402, the issue that this document
is intended to resolve.