Anonymity Support for Kerberos
draft-ietf-kitten-rfc6112bis-03
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-02-23 | 03 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-01-17 | 03 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-01-10 | 03 | (System) | RFC Editor state changed to RFC-EDITOR from IANA |
2017-01-06 | 03 | (System) | RFC Editor state changed to IANA from EDIT |
2017-01-02 | 03 | Tim Wicinski | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Tim Wicinski. Sent review to list. |
2016-12-09 | 03 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2016-12-08 | 03 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2016-12-07 | 03 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2016-12-05 | 03 | (System) | RFC Editor state changed to EDIT |
2016-12-05 | 03 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2016-12-05 | 03 | (System) | Announcement was received by RFC Editor |
2016-12-05 | 03 | (System) | IANA Action state changed to In Progress |
2016-12-05 | 03 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2016-12-05 | 03 | Cindy Morgan | IESG has approved the document |
2016-12-05 | 03 | Cindy Morgan | Closed "Approve" ballot |
2016-12-05 | 03 | Cindy Morgan | Ballot approval text was generated |
2016-12-05 | 03 | Cindy Morgan | Ballot writeup was changed |
2016-12-01 | 03 | Cindy Morgan | IESG state changed to Approved-announcement to be sent from IESG Evaluation |
2016-12-01 | 03 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2016-12-01 | 03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2016-11-30 | 03 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2016-11-30 | 03 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2016-11-30 | 03 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2016-11-30 | 03 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2016-11-30 | 03 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2016-11-29 | 03 | Ben Campbell | [Ballot comment] - 4.3, 2nd paragraph: Absent what sort of other information? That's a bit vague for a condition for a MUST. -9: Isn't Sam an author? :-) |
2016-11-29 | 03 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2016-11-29 | 03 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2016-11-29 | 03 | Kathleen Moriarty | [Ballot Position Update] Position for Kathleen Moriarty has been changed to No Objection from Discuss |
2016-11-29 | 03 | Alia Atlas | [Ballot comment] Is this intended to go to Internet Standard or Proposed Standard again? |
2016-11-29 | 03 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2016-11-29 | 03 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2016-11-29 | 03 | Kathleen Moriarty | [Ballot discuss] Holding a discuss until the Gen-art conversation on minimum size of the freshness token resolves. Will switch to a yes once that is resolved. https://www.ietf.org/mail-archive/web/gen-art/current/msg13942.html |
2016-11-29 | 03 | Kathleen Moriarty | [Ballot Position Update] Position for Kathleen Moriarty has been changed to Discuss from No Objection |
2016-11-29 | 03 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2016-11-28 | 03 | Robert Sparks | Request for Telechat review by GENART Completed: Ready. Reviewer: Robert Sparks. |
2016-11-23 | 03 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2016-11-23 | 03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Robert Sparks |
2016-11-23 | 03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Robert Sparks |
2016-11-22 | 03 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2016-11-16 | 03 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2016-11-16 | 03 | Stephen Farrell | Placed on agenda for telechat - 2016-12-01 |
2016-11-16 | 03 | Stephen Farrell | Changed consensus to Yes from Unknown |
2016-11-16 | 03 | Stephen Farrell | IESG state changed to IESG Evaluation from Waiting for Writeup |
2016-11-16 | 03 | Stephen Farrell | Ballot has been issued |
2016-11-16 | 03 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2016-11-16 | 03 | Stephen Farrell | Created "Approve" ballot |
2016-11-16 | 03 | Stephen Farrell | Ballot writeup was changed |
2016-11-16 | 03 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2016-11-16 | 03 | Shawn Emery | New version available: draft-ietf-kitten-rfc6112bis-03.txt |
2016-11-16 | 03 | (System) | New version approved |
2016-11-16 | 03 | (System) | Request for posting confirmation emailed to previous authors: "Sam Hartman", "Larry Zhu", "Paul Leach", "Shawn Emery" |
2016-11-16 | 03 | Shawn Emery | Uploaded new revision |
2016-11-10 | 02 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Carl Wallace. |
2016-11-02 | 02 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2016-11-01 | 02 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2016-11-01 | 02 | Sabrina Tanamal | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has completed its review of draft-ietf-kitten-rfc6112bis-02.txt. If any part of this review is inaccurate, please let us know. Upon approval of this document, we understand that there are no actions to complete. We have a question about one of the actions requested in the IANA Considerations section of this document. The author request that: "This document defines a new 'anonymous' Kerberos well-known name and a new 'anonymous' Kerberos well-known realm based on [RFC6111]. We have added these two values to the Kerberos naming registries that are created in [RFC6111]." Question --> We note that those values are already in the required registries. Should [ RFC-to-be ] be added to the references for those two registrations? Or, should [ RFC-to-be ] replace the existing references? Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Thank you, Sabrina Tanamal IANA Services Specialist PTI |
2016-10-22 | 02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tim Wicinski |
2016-10-22 | 02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tim Wicinski |
2016-10-21 | 02 | Robert Sparks | Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Robert Sparks. |
2016-10-20 | 02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Robert Sparks |
2016-10-20 | 02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Robert Sparks |
2016-10-20 | 02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Carl Wallace |
2016-10-20 | 02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Carl Wallace |
2016-10-19 | 02 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2016-10-19 | 02 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: kitten@ietf.org, mrogers@redhat.com, kitten-chairs@ietf.org, draft-ietf-kitten-rfc6112bis@ietf.org, stephen.farrell@cs.tcd.ie Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Anonymity Support for Kerberos) to Proposed Standard The IESG has received a request from the Common Authentication Technology Next Generation WG (kitten) to consider the following document: - 'Anonymity Support for Kerberos' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-11-02. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document defines extensions to the Kerberos protocol to allow a Kerberos client to securely communicate with a Kerberos application service without revealing its identity, or without revealing more than its Kerberos realm. It also defines extensions that allow a Kerberos client to obtain anonymous credentials without revealing its identity to the Kerberos Key Distribution Center (KDC). This document updates RFCs 4120, 4121, and 4556. This document obsoletes RFC 6112 and reclassifies that document as historic. RFC 6112 contained errors and the protocol described in that specification is not interoperable with any known implementation. This specification describes a protocol that interoperates with multiple implementations. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-kitten-rfc6112bis/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-kitten-rfc6112bis/ballot/ No IPR declarations have been submitted directly on this I-D. |
2016-10-19 | 02 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2016-10-19 | 02 | Stephen Farrell | Last call was requested |
2016-10-19 | 02 | Stephen Farrell | Ballot approval text was generated |
2016-10-19 | 02 | Stephen Farrell | Ballot writeup was generated |
2016-10-19 | 02 | Stephen Farrell | IESG state changed to Last Call Requested from Publication Requested |
2016-10-19 | 02 | Stephen Farrell | Last call announcement was generated |
2016-10-17 | 02 | Cindy Morgan | Notification list changed to mrogers@redhat.com |
2016-10-17 | 02 | Cindy Morgan | 1. Summary Matt Rogers is the document shepherd. Stephen Farrell is the responsible Area Director. This document describes Kerberos extensions for client anonymity support. These extensions give Kerberos clients the ability to authenticate and securely communicate with a service, without revealing the client identity. Two methods are described; one that only reveals the client’s identity to its own KDC, and another that utilizes anonymous PKINIT to hide the client identity completely. This is a request for publication of a Standards Track document to obsolete RFC 6112, which had technical errors that made the described extensions inoperable with existing implementations. 2. Review and Consensus There is consensus among the WG for this document, and as a “bis” document all errata have been considered. Aside from a few editorial corrections, there are three primary changes to the specification. First, when using the anonymous PKINIT method, the ticket session key is derived using the KRB-FX-CF2 operation, which requires two input constants “pepper1” and “pepper2”. The “pepper2” constant was incorrect in RFC 6112 and has been changed to its correct value. Second, the need for setting the anonymous KDC flag in an anonymous TGS request changed from a MUST to a SHOULD. Third, a new paragraph has been added which clarifies a MITM scenario that is prevented by the anonymous PKINIT session-key derivation method. 3. Intellectual Property There are no intellectual property disclosures against this document, and all authors have confirmed compliance with BCPs 78 and 79. |
2016-10-17 | 02 | Cindy Morgan | Responsible AD changed to Stephen Farrell |
2016-10-17 | 02 | Cindy Morgan | Intended Status changed to Proposed Standard |
2016-10-17 | 02 | Cindy Morgan | IESG process started in state Publication Requested |
2016-10-17 | 02 | Cindy Morgan | Working group state set to Submitted to IESG for Publication |
2016-10-11 | 02 | Benjamin Kaduk | Notification list changed to "Matt Rogers" <mrogers@redhat.com> |
2016-10-11 | 02 | Benjamin Kaduk | Document shepherd changed to Matt Rogers |
2016-09-05 | 02 | Shawn Emery | New version available: draft-ietf-kitten-rfc6112bis-02.txt |
2016-07-26 | 01 | Benjamin Kaduk | Greg has been working with Shawn to tighten up some text describing potential attacks and other editorial fixes; we want a new revision with those fixes in place. |
2016-07-26 | 01 | Benjamin Kaduk | Tag Revised I-D Needed - Issue raised by WGLC set. |
2016-07-26 | 01 | Benjamin Kaduk | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2016-07-26 | 01 | Naveen Khan | New version available: draft-ietf-kitten-rfc6112bis-01.txt |
2015-01-20 | 00 | Benjamin Kaduk | IETF WG state changed to In WG Last Call from WG Document |
2014-03-03 | 00 | Sam Hartman | New version available: draft-ietf-kitten-rfc6112bis-00.txt |