This document defines the Pseudo-Random Function (PRF) for the
Kerberos V mechanism for the Generic Security Service Application
Program Interface (GSS-API), based on the PRF defined for the
Kerberos V cryptographic framework, for keying application protocols
given an established Kerberos V GSS-API security context.
This document obsoletes RFC 4402 and reclassifies that document as
historic. RFC 4402 starts the PRF+ counter at 1; however, a number of
implementations start the counter at 0. As a result, the original
specification would not be interoperable with existing
Working Group Summary
This document is necessary because implementors of RFC 4402 erred
when implementing the PRF+ construct, starting the counter variable
at zero instead of one. The error was present in multiple releases
of a shipping implementation when a second implementor discovered
the error in interoperability testing; that second implementor also
started the counter variable at zero for compatibility. This document
serves to update RFC 4402 and reflect the implementation reality
that is deployed and functioning interoperably. It is being published
as a Standards Track document to match RFC 4402, which it replaces,
as is consistent with most work on Kerberos in the IETF.
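To make the counter discrepancy concrete, the following Python sketch (added here; it is not text from this document nor code from the MIT or Heimdal implementations) builds the PRF+ construction from RFC 4402/8062, T_n = PRF(K, n || S) with n a 32-bit big-endian counter, and lets the starting value be chosen. The inner PRF is a stand-in HMAC-SHA-256, an assumption made only so the block runs offline; the real Kerberos cryptographic-framework PRF depends on the enctype.

```python
import hashlib
import hmac
import struct


def stand_in_prf(key: bytes, octets: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA-256 stands in for the enctype-specific
    # Kerberos V PRF (RFC 3961). Only the PRF+ layering is illustrated.
    return hmac.new(key, octets, hashlib.sha256).digest()


def prf_plus(key: bytes, length: int, seed: bytes, first_counter: int) -> bytes:
    # PRF+(K, L, S) = truncate(L, T_n || T_n+1 || ...), T_n = PRF(K, n || S),
    # with n encoded as a 32-bit unsigned big-endian integer.
    # RFC 4402 starts n at 1; RFC 8062 (matching deployed code) starts at 0.
    out = b""
    n = first_counter
    while len(out) < length:
        out += stand_in_prf(key, struct.pack(">I", n) + seed)
        n += 1
    return out[:length]


def prf_plus_rfc4402(key: bytes, length: int, seed: bytes) -> bytes:
    return prf_plus(key, length, seed, first_counter=1)


def prf_plus_rfc8062(key: bytes, length: int, seed: bytes) -> bytes:
    return prf_plus(key, length, seed, first_counter=0)


def interop_check(key: bytes, length: int, seed: bytes) -> dict:
    # Why a 4402 peer and a 8062 peer derive different application keys:
    # the 8062 stream is the 4402 stream shifted right by one PRF block.
    a = prf_plus_rfc4402(key, length, seed)
    b = prf_plus_rfc8062(key, length, seed)
    block = len(stand_in_prf(key, b""))
    return {
        "same_key": a == b,
        "shifted_by_one_block": b[block:] == a[: length - block],
    }


if __name__ == "__main__":
    # Constructed sample inputs, not test vectors from the RFC.
    print(interop_check(b"constructed-key", 64, b"constructed-seed"))
```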
There is strong consensus for this document, which only differs from
RFC 4402 in the change of the initial value of the counter variable
and the removal of an unneeded and confusing paragraph from the
security considerations section. It also adds test vectors, which
have been verified by two implementations (MIT and Heimdal Kerberos).
The WGLC period was part of a combined WGLC for three "bis" documents,
over a period of four weeks. Most of the prominent WG contributors
reviewed the document, and no substantive issues were found (though
a couple of regressions from RFC 4402 were noted and fixed).
Benjamin Kaduk is the document shepherd. Stephen Farrell is the
responsible Area Director.