Kerberos Authorization Data Container Authenticated by Multiple MACs
draft-ietf-krb-wg-cammac-11
Document history
Date | Rev. | By | Action |
---|---|---|---|
2016-12-13 | 11 | Stephen Farrell | was showing in odd state in tools WG page even though had been replaced |
2016-12-13 | 11 | Stephen Farrell | Tag Other - see Comment Log set. |
2016-12-13 | 11 | Stephen Farrell | IETF WG state changed to Parked WG Document from Submitted to IESG for Publication |
2015-10-14 | 11 | (System) | Notify list changed from kitten-chairs@ietf.org, draft-ietf-krb-wg-cammac@ietf.org to (None) |
2014-10-06 | 11 | Benjamin Kaduk | 1. Summary The document shepherd is Benjamin Kaduk. The responsible Area Director is Stephen Farrell. This document provides a new authorization data container for Kerberos, with functionality extending that of the existing AD-KDC-ISSUED container. The new functionality allows a KDC to be able to validate that a ticket being presented to the KDC contains authorization data issued by a KDC (in the same realm), whereas AD-KDC-ISSUED only allows for the Kerberos application service to perform that validation. Since this is an update to the standards-track RFC 4120, it must also be a standards-track document. 2. Review and Consensus The review process for this document was quite spread out in time, with action occurring in occasional bursts. Almost all of the Kerberos experts who regularly participate in the WG have contributed to reviewing this document at some point in its history, but not necessarily all at the same time. There was a lot of discussion around the time of the initial few revisions, but then a lull in activity. Version -05 got a lot of review comments, which resulted in some (substantive, but relatively minor) changes to the specification. It was unclear what level of review those changes had received, after essentially no comments were received during a WGLC period for the -08, so we solicited further comments at that time, and got thorough review from two Kerberos experts, which the shepherd believes is sufficient. These post-WGLC reviews were largely editorial, but there were three issues of substance that were raised, two of which received heavy discussion. Discussion of the implicit criticality of authorization data in Kerberos resulted in full consensus for the text in section 5. The WG may choose to revisit the usage of critical authorization data in Kerberos in future work, but that question does not need to be resolved for this document to move forward. Discussion of the binding of the CAMMAC to the ticket service principal name resulted in full consensus for the text in the last paragraph of section 8. The desire for a consumer of the CAMMAC to exist or an IANA registry for authorization types to exist prior to publication of this document did not receive much discussion, but seems to be resolved by the existence of draft-jain-kitten-krb-auth-indicator, which came out after the concern was raised. There are not currently any implementations, but Red Hat and MIT plan to collaborate to produce an implementation. 3. Intellectual Property Each author has confirmed conformance with BCP 78/79. There are no IPR declarations against this document. 4. Other Points This document makes no request of IANA. It allocates numbers in the Kerberos authorization data types registry and the Kerberos key usage registry, which are currently managed independently of IANA (see also draft-ietf-kitten-kerberos-iana-registries). As mentioned above, the shepherd does not believe that publication of this document must wait for these registries to be transferred into IANA's control. The current registrar for these Kerberos registries is a coauthor of the document and assigned the numbers listed in it. 'idnits' has a few false positives: though this document Updates RFC 4120, it does not contain any content copied from RFC 4120 (all content is new in this document), so no disclaimer for pre-RFC5378 work is needed. Additionally, the checker notes for various ASN.1 tags, "Looks like a reference, but probably isn't". We are in the "probably" case, here. |
2014-10-06 | 11 | Benjamin Kaduk | State Change Notice email list changed to kitten-chairs@tools.ietf.org, draft-ietf-krb-wg-cammac@tools.ietf.org |
2014-10-06 | 11 | Benjamin Kaduk | Responsible AD changed to Stephen Farrell |
2014-10-06 | 11 | Benjamin Kaduk | IETF WG state changed to Submitted to IESG for Publication from WG Document |
2014-10-06 | 11 | Benjamin Kaduk | IESG state changed to Publication Requested |
2014-10-06 | 11 | Benjamin Kaduk | IESG process started in state Publication Requested |
2014-10-06 | 11 | Benjamin Kaduk | Intended Status changed to Proposed Standard from None |
2014-10-06 | 11 | Benjamin Kaduk | Changed document writeup |
2014-10-06 | 11 | Benjamin Kaduk | Document shepherd changed to Benjamin Kaduk |
2014-10-03 | 11 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-11.txt |
2014-09-10 | 10 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-10.txt |
2014-09-05 | 09 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-09.txt |
2014-06-30 | 08 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-08.txt |
2014-05-08 | 07 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-07.txt |
2013-10-21 | 06 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-06.txt |
2013-07-14 | 05 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-05.txt |
2013-03-18 | 04 | Cindy Morgan | Changed field(s): group,abstract |
2013-02-25 | 04 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-04.txt |
2012-10-22 | 03 | Taylor Yu | New version available: draft-ietf-krb-wg-cammac-03.txt |
2012-05-23 | 02 | Thomas Hardjono | New version available: draft-ietf-krb-wg-cammac-02.txt |
2012-02-09 | 01 | (System) | New version available: draft-ietf-krb-wg-cammac-01.txt |
2012-02-09 | 00 | (System) | New version available: draft-ietf-krb-wg-cammac-00.txt |