Anonymity Support for Kerberos
draft-ietf-krb-wg-anon-12

Document history

Date Rev. By Action
2010-12-02
12 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2010-12-01
12 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2010-12-01
12 (System) IANA Action state changed to In Progress from Waiting on Authors
2010-12-01
12 (System) IANA Action state changed to Waiting on Authors from In Progress
2010-12-01
12 (System) IANA Action state changed to In Progress from On Hold
2010-11-10
12 Cindy Morgan State changed to RFC Ed Queue from Approved-announcement sent.
2010-11-09
12 (System) IANA Action state changed to On Hold from In Progress
2010-11-09
12 (System) IANA Action state changed to In Progress
2010-11-09
12 Cindy Morgan IESG state changed to Approved-announcement sent
2010-11-09
12 Cindy Morgan IESG has approved the document
2010-11-09
12 Cindy Morgan Closed "Approve" ballot
2010-10-08
12 (System) Removed from agenda for telechat - 2010-10-07
2010-10-07
12 Cindy Morgan State changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation by Cindy Morgan
2010-10-06
12 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2010-10-06
12 Sean Turner
[Ballot comment]
1) Refer to RFC 5652 vice RFC 3852.

2) Sec 4.1.1: This is pretty nit-noid, but the certificates field is OPTIONAL in the ASN so it might be better to say absent as opposed to empty.  The signerInfos field isn't OPTIONAL so empty is correct.  It's up to you whether you should change this.
2010-10-06
12 Sean Turner [Ballot Position Update] New position, No Objection, has been recorded by Sean Turner
2010-10-06
12 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2010-10-06
12 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2010-10-06
12 Russ Housley
[Ballot comment]
Please consider the comments made by Elwyn Davies in the Gen-ART
  Review posted on 10 September 2010.  The review can be found here:

    http://www.softarmor.com/rai/temp-gen-art/
    draft-krb-wg-ananon-12-davies.txt
2010-10-06
12 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2010-10-06
12 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks
2010-10-06
12 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant
2010-10-06
12 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo
2010-10-05
12 Peter Saint-Andre
[Ballot comment]
The Security Considerations note that "Because there are plaintext parts of the tickets that are exposed on the wire, such matching by a third party observer is relatively straightforward." Presumably the use of transport layer security would minimize the attack surface here, so at least an informative reference to draft-josefsson-kerberos5-starttls might be appropriate.
2010-10-05
12 Peter Saint-Andre [Ballot Position Update] New position, No Objection, has been recorded by Peter Saint-Andre
2010-10-05
12 Adrian Farrel
[Ballot comment]
idnits (http://tools.ietf.org/tools/idnits/) notes a few issues with
references that other ADs have noted, and one problem with format. It
would be good to sort these out.

---

I like the acknowledgement...

  Sam Hartman and Nicolas Williams were great champions of this work.

It is so often the case that document authors do not champion their
work :-)
2010-10-05
12 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel
2010-10-05
12 Sean Turner [Ballot comment]
1) Refer to RFC 5652 vice RFC 3852.
2010-10-05
12 Ralph Droms
[Ballot comment]
Section 4.2:

  The TGS SHOULD NOT
  populate identity-based authorization data into an anonymous ticket
  in that such authorization data typically reveals the client's
  identity.

MUST?  Or, under what conditions can the TGS violate the SHOULD NOT?

Section 7:

  The padata-value field of the PA-PKINIT-KX type padata contains the
  DER [X680] [X690] encoding of the Abstract Syntax Notation One
  (ASN.1) type PA-PKINIT-KX.

Are [X680] and [X690] citations?  There are no matching references in the References section.
2010-10-05
12 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms
2010-10-04
12 Tim Polk [Ballot Position Update] New position, Yes, has been recorded for Tim Polk
2010-10-04
12 Tim Polk Ballot has been issued by Tim Polk
2010-10-04
12 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2010-10-04
12 Lars Eggert Created "Approve" ballot
2010-10-03
12 Tim Polk State changed to IESG Evaluation from Waiting for AD Go-Ahead by Tim Polk
2010-10-03
12 Tim Polk Placed on agenda for telechat - 2010-10-07 by Tim Polk
2010-10-03
12 Tim Polk Note field has been cleared by Tim Polk
2010-09-17
12 Cindy Morgan State changed to Waiting for AD Go-Ahead from In Last Call by Cindy Morgan
2010-09-10
12 Amanda Baber
IANA understands that the IANA actions in this document are dependent
upon approval of another document:

http://tools.ietf.org/html/draft-ietf-krb-wg-naming-07

If both the current document and the krb-wg-naming document are
approved, IANA understands that there are two IANA Actions to be completed.

First, IANA will create a new 'anonymous' Kerberos well-known name in
the registry created in:

http://tools.ietf.org/html/draft-ietf-krb-wg-naming-07

Second, IANA will create a new 'anonymous' Kerberos well-known realm
based in the registry created in:

http://tools.ietf.org/html/draft-ietf-krb-wg-naming-07

IANA understands that these are the only actions that will need to be
completed upon approval of this document (and the approval of the
dependent krb-wg-naming document).
2010-09-01
12 Amy Vezza Last call sent
2010-09-01
12 Amy Vezza State changed to In Last Call from Last Call Requested by Amy Vezza
2010-09-01
12 Tim Polk Last Call was requested by Tim Polk
2010-09-01
12 Tim Polk State changed to Last Call Requested from Publication Requested by Tim Polk
2010-08-30
12 (System) New version available: draft-ietf-krb-wg-anon-12.txt
2010-08-30
12 Tim Polk State changed to Publication Requested from Dead by Tim Polk
2010-06-29
11 (System) New version available: draft-ietf-krb-wg-anon-11.txt
2009-04-13
12 (System) State Changes to Dead from AD is watching by system
2009-04-13
12 (System) Document has expired
2008-10-30
12 Tim Polk New WG and IETF Last Calls are needed in light of significant changes in content.
2008-10-30
12 Tim Polk State Changes to AD is watching from Waiting for AD Go-Ahead by Tim Polk
2008-10-30
12 Tim Polk New WG and IETF Last Calls are needed in light of significant changes in content.
2008-10-10
10 (System) New version available: draft-ietf-krb-wg-anon-10.txt
2008-09-10
09 (System) New version available: draft-ietf-krb-wg-anon-09.txt
2008-08-20
08 (System) New version available: draft-ietf-krb-wg-anon-08.txt
2008-07-27
07 (System) New version available: draft-ietf-krb-wg-anon-07.txt
2008-05-17
06 (System) New version available: draft-ietf-krb-wg-anon-06.txt
2008-05-02
12 Sam Weiler Request for Last Call review by SECDIR Completed. Reviewer: Phillip Hallam-Baker.
2008-03-07
12 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-03-05
12 Amanda Baber
IANA Last Call comments:

[ Note: registries will be created by draft-ietf-krb-wg-naming-04.txt ]

Action 1

Upon approval of this document, the IANA will make the following
assignments in the "Well Known Kerberos Names" registry located at
http://www.iana.org/assignments/TBD
sub-registry "Well Known Principal Names"

Well Known Principal Names    Reference
--------------------------    --------------------
WELLKNOWN/ANONYMOUS           [RFC-krb-wg-anon-05]


Action 2:

Upon approval of this document, the IANA will make the following
assignments in the "Well Known Kerberos Names" registry located at
http://www.iana.org/assignments/TBD
sub-registry "Well Known Realm Names"


Well Known Realm Names    Reference
----------------------    --------------------
WELLKNOWN:ANONYMOUS       [RFC-krb-wg-anon-05]
2008-02-25
12 Sam Weiler Request for Last Call review by SECDIR is assigned to Phillip Hallam-Baker
2008-02-25
12 Sam Weiler Request for Last Call review by SECDIR is assigned to Phillip Hallam-Baker
2008-02-22
12 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2008-02-22
12 Tim Polk State Changes to Last Call Requested from Publication Requested by Tim Polk
2008-02-22
12 Tim Polk Last Call was requested by Tim Polk
2008-02-22
12 (System) Ballot writeup text was added
2008-02-22
12 (System) Last call text was added
2008-02-22
12 (System) Ballot approval text was added
2008-02-22
12 Tim Polk Intended Status has been changed to Proposed Standard from None
2008-02-07
12 Tim Polk The Document Shepherd for this document is Jeffrey Hutzelman.
2008-02-07
12 Tim Polk Draft Added by Tim Polk in state Publication Requested
2008-01-30
05 (System) New version available: draft-ietf-krb-wg-anon-05.txt
2007-07-08
04 (System) New version available: draft-ietf-krb-wg-anon-04.txt
2007-03-05
03 (System) New version available: draft-ietf-krb-wg-anon-03.txt
2006-10-11
02 (System) New version available: draft-ietf-krb-wg-anon-02.txt
2006-07-17
01 (System) New version available: draft-ietf-krb-wg-anon-01.txt
2006-06-09
00 (System) New version available: draft-ietf-krb-wg-anon-00.txt