Anonymity Support for Kerberos
draft-ietf-kitten-rfc6112bis-03

Document history

Date Rev. By Action
2017-02-23
03 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2017-01-17
03 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2017-01-10
03 (System) RFC Editor state changed to RFC-EDITOR from IANA
2017-01-06
03 (System) RFC Editor state changed to IANA from EDIT
2017-01-02
03 Tim Wicinski Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Tim Wicinski. Sent review to list.
2016-12-09
03 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2016-12-08
03 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2016-12-07
03 (System) IANA Action state changed to Waiting on Authors from In Progress
2016-12-05
03 (System) RFC Editor state changed to EDIT
2016-12-05
03 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2016-12-05
03 (System) Announcement was received by RFC Editor
2016-12-05
03 (System) IANA Action state changed to In Progress
2016-12-05
03 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2016-12-05
03 Cindy Morgan IESG has approved the document
2016-12-05
03 Cindy Morgan Closed "Approve" ballot
2016-12-05
03 Cindy Morgan Ballot approval text was generated
2016-12-05
03 Cindy Morgan Ballot writeup was changed
2016-12-01
03 Cindy Morgan IESG state changed to Approved-announcement to be sent from IESG Evaluation
2016-12-01
03 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2016-12-01
03 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-11-30
03 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-11-30
03 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2016-11-30
03 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2016-11-30
03 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2016-11-30
03 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2016-11-29
03 Ben Campbell
[Ballot comment]
- 4.3, 2nd paragraph: Absent what sort of other information? That's a bit vague for a condition for a MUST.

-9: Isn't Sam an author? :-)
2016-11-29
03 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2016-11-29
03 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2016-11-29
03 Kathleen Moriarty [Ballot Position Update] Position for Kathleen Moriarty has been changed to No Objection from Discuss
2016-11-29
03 Alia Atlas [Ballot comment]
Is this intended to go to Internet Standard or Proposed Standard again?
2016-11-29
03 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2016-11-29
03 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2016-11-29
03 Kathleen Moriarty
[Ballot discuss]
Holding a discuss until the Gen-art conversation on minimum size of the freshness token resolves.  Will switch to a yes once that is resolved.
https://www.ietf.org/mail-archive/web/gen-art/current/msg13942.html
2016-11-29
03 Kathleen Moriarty [Ballot Position Update] Position for Kathleen Moriarty has been changed to Discuss from No Objection
2016-11-29
03 Kathleen Moriarty [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty
2016-11-28
03 Robert Sparks Request for Telechat review by GENART Completed: Ready. Reviewer: Robert Sparks.
2016-11-23
03 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2016-11-23
03 Jean Mahoney Request for Telechat review by GENART is assigned to Robert Sparks
2016-11-23
03 Jean Mahoney Request for Telechat review by GENART is assigned to Robert Sparks
2016-11-22
03 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2016-11-16
03 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2016-11-16
03 Stephen Farrell Placed on agenda for telechat - 2016-12-01
2016-11-16
03 Stephen Farrell Changed consensus to Yes from Unknown
2016-11-16
03 Stephen Farrell IESG state changed to IESG Evaluation from Waiting for Writeup
2016-11-16
03 Stephen Farrell Ballot has been issued
2016-11-16
03 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2016-11-16
03 Stephen Farrell Created "Approve" ballot
2016-11-16
03 Stephen Farrell Ballot writeup was changed
2016-11-16
03 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2016-11-16
03 Shawn Emery New version available: draft-ietf-kitten-rfc6112bis-03.txt
2016-11-16
03 (System) New version approved
2016-11-16
03 (System) Request for posting confirmation emailed to previous authors: "Sam Hartman", "Larry Zhu", "Paul Leach", "Shawn Emery"
2016-11-16
03 Shawn Emery Uploaded new revision
2016-11-10
02 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Carl Wallace.
2016-11-02
02 (System) IESG state changed to Waiting for Writeup from In Last Call
2016-11-01
02 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2016-11-01
02 Sabrina Tanamal
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-kitten-rfc6112bis-02.txt. If any part of this review is inaccurate, please let us know.

Upon approval of this document, we understand that there are no actions to complete.

We have a question about one of the actions requested in the IANA Considerations section of this document.

The author request that:

"This document defines a new 'anonymous' Kerberos well-known name and a new 'anonymous' Kerberos well-known realm based on [RFC6111]. We have added these two values to the Kerberos naming registries that are created in [RFC6111]."

Question --> We note that those values are already in the required registries. Should [ RFC-to-be ] be added to the references for those two registrations? Or, should [ RFC-to-be ] replace the existing references?

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

Thank you,

Sabrina Tanamal
IANA Services Specialist
PTI
2016-10-22
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Tim Wicinski
2016-10-22
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Tim Wicinski
2016-10-21
02 Robert Sparks Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Robert Sparks.
2016-10-20
02 Jean Mahoney Request for Last Call review by GENART is assigned to Robert Sparks
2016-10-20
02 Jean Mahoney Request for Last Call review by GENART is assigned to Robert Sparks
2016-10-20
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Carl Wallace
2016-10-20
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Carl Wallace
2016-10-19
02 Amy Vezza IANA Review state changed to IANA - Review Needed
2016-10-19
02 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: kitten@ietf.org, mrogers@redhat.com, kitten-chairs@ietf.org, draft-ietf-kitten-rfc6112bis@ietf.org, stephen.farrell@cs.tcd.ie
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Anonymity Support for Kerberos) to Proposed Standard


The IESG has received a request from the Common Authentication Technology
Next Generation WG (kitten) to consider the following document:
- 'Anonymity Support for Kerberos'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-11-02. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document defines extensions to the Kerberos protocol to allow a
  Kerberos client to securely communicate with a Kerberos application
  service without revealing its identity, or without revealing more
  than its Kerberos realm.  It also defines extensions that allow a
  Kerberos client to obtain anonymous credentials without revealing its
  identity to the Kerberos Key Distribution Center (KDC).  This
  document updates RFCs 4120, 4121, and 4556.  This document obsoletes
  RFC 6112 and reclassifies that document as historic.  RFC 6112
  contained errors and the protocol described in that specification is
  not interoperable with any known implementation.  This specification
  describes a protocol that interoperates with multiple
  implementations.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-kitten-rfc6112bis/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-kitten-rfc6112bis/ballot/


No IPR declarations have been submitted directly on this I-D.




2016-10-19
02 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2016-10-19
02 Stephen Farrell Last call was requested
2016-10-19
02 Stephen Farrell Ballot approval text was generated
2016-10-19
02 Stephen Farrell Ballot writeup was generated
2016-10-19
02 Stephen Farrell IESG state changed to Last Call Requested from Publication Requested
2016-10-19
02 Stephen Farrell Last call announcement was generated
2016-10-17
02 Cindy Morgan Notification list changed to mrogers@redhat.com
2016-10-17
02 Cindy Morgan
1. Summary

Matt Rogers is the document shepherd.  Stephen Farrell is the
responsible Area Director.

This document describes Kerberos extensions for client anonymity
support.  These extensions give Kerberos clients the ability to
authenticate and securely communicate with a service, without revealing
the client identity.  Two methods are described; one that only reveals
the client’s identity to its own KDC, and another that utilizes
anonymous PKINIT to hide the client identity completely.

This is a request for publication of a Standards Track document to
obsolete RFC 6112, which had technical errors that made the described
extensions inoperable with existing implementations.

2. Review and Consensus

There is consensus among the WG for this document, and as a “bis”
document all errata have been considered. Aside from a few editorial
corrections, there are three primary changes to the
specification.  First, when using the anonymous PKINIT method, the
ticket session key is derived using the KRB-FX-CF2 operation, which
requires two input constants “pepper1” and “pepper2”.  The
“pepper2” constant was incorrect in RFC 6112 and has been changed
to its correct value.  Second, the need for setting the anonymous
KDC flag in an anonymous TGS request changed from a MUST to a
SHOULD.  Third, a new paragraph has been added which clarifies a MITM
scenario that is prevented by the anonymous PKINIT session-key
derivation method.

3. Intellectual Property

There are no intellectual property disclosures against this document,
and all authors have confirmed compliance with BCPs 78 and 79.
2016-10-17
02 Cindy Morgan Responsible AD changed to Stephen Farrell
2016-10-17
02 Cindy Morgan Intended Status changed to Proposed Standard
2016-10-17
02 Cindy Morgan IESG process started in state Publication Requested
2016-10-17
02 Cindy Morgan Working group state set to Submitted to IESG for Publication
2016-10-11
02 Benjamin Kaduk Notification list changed to "Matt Rogers" <mrogers@redhat.com>
2016-10-11
02 Benjamin Kaduk Document shepherd changed to Matt Rogers
2016-09-05
02 Shawn Emery New version available: draft-ietf-kitten-rfc6112bis-02.txt
2016-07-26
01 Benjamin Kaduk
Greg has been working with Shawn to tighten up some text describing potential attacks and other editorial fixes; we want a new revision with those fixes in place.
2016-07-26
01 Benjamin Kaduk Tag Revised I-D Needed - Issue raised by WGLC set.
2016-07-26
01 Benjamin Kaduk IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2016-07-26
01 Naveen Khan New version available: draft-ietf-kitten-rfc6112bis-01.txt
2015-01-20
00 Benjamin Kaduk IETF WG state changed to In WG Last Call from WG Document
2014-03-03
00 Sam Hartman New version available: draft-ietf-kitten-rfc6112bis-00.txt