(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)? Why
is this the proper type of RFC? Is this type of RFC indicated in the
title page header?
We are requesting publication of this document as a Proposed Standard.
This is an extension to the Kerberos protocol as defined in RFC4120.
(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:
XXX update abstract
The memo documents a method for a Kerberos Key Distribution Center
(KDC) to respond to client requests for Kerberos tickets when the
client does not have detailed configuration information on the realms
of users or services. The KDC will handle requests for principals in
other realms by returning either a referral error or a cross-realm
TGT to another realm on the referral path. The clients will use this
referral information to reach the realm of the target principal and
then receive the ticket. This memo also provides a mechanism for
verifying that a request has not been tampered with in transit.
Working Group Summary
This document represents the consensus of the Kerberos Working Group.
Having been under development for quite some time, it has a long
and somewhat complex history and has gone through several changes in
editorship. It has been discussed extensively and there has been
ongoing support for the functionality added by this document.
Over its life, this document has undergone a number of changes.
Most recently, it has been reworked to take advantage of other
work done in the working group since work on this document began,
resulting in a considerably simpler document which is easier both
to understand and to implement.
Some features which were originally planned for this document or
added during its development have been removed. In some cases,
this is to better align with existing and planned implementations.
In others, it is because the working group has not yet been able
to produce satisfactory solutions to certain problems, and so has
decided to defer work on those issues.
At least two major implementations support the Kerberos protocol
extensions defined in this document.
The Document Shepherd for this document is Jeffrey Hutzelman.
The responsible Area Director is Stephen Farrell.
(3) Briefly describe the review of this document that was performed by
the Document Shepherd. If this version of the document is not ready
for publication, please explain why the document is being forwarded to
XXX pending response to review comments
I have reviewed this document, and any issues raised have been
resolved to my satisfaction. I believe the document is now ready
for IETF-wide review and publication as an RFC.
(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?
This document has undergone review and discussion within the
working group. Any technical issues raised were resolved. I am
satisfied that this document has received sufficient review.
(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
I don't believe any particular external review is needed for this
(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
I have no particular concerns with this document.
(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.
XXX pending author IPR confirmation
All authors have confirmed that any required IPR disclosures have
(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
A search using the tool at https://datatracker.ietf.org/ipr/search/
did not find any IPR disclosures related to this document.
(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?
There has been consensus for some time within the working group
on the basic functionality introduced in this document. As noted
in the writeup, it has been around for some time and has undergone
extensive discussion. Recent changes to simplify the document,
rework using FAST, and remove features not implemented and not
likely to be implemented were all presented to the WG in advance
and did not meet with any objections.
I believe there is consensus within the working group to publish
this document in its current form.
(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)
There have been no expressions of discontent.
(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
This document has been run through the idnits tool, and was reviewed
manually for compliance with requirements not checked by the automatic
(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.
No formal review criteria apply to this document.
(13) Have all references within this document been identified as
either normative or informative?
References have been split appropriately.
(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?
There are no normative references to other documents that are not
ready for advancement.
(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.
There are no normative downward references.
(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.
This document updates RFC4120, which defines the Kerberos protocol.
It makes changes which are possible only by modifying the base
protocol, including assigning meaning to previously-unused ticket
flags and KDC options and extending existing protocol data types.
This updating of RFC4120 is called out in the header, abstract,
(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).
XXX pending verification of key usage registration
This document requires registration of one value in an IANA-managed
registry, which is appropriately documented in the IANA considerations
section. In addition, it requires registration of values in existing
registries which are managed by the Kerberos working group and have
not yet been turned over to IANA control.
(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.
This document creates no registries requiring Expert Review.
(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.
This document contains fragments of ASN.1 which define new types
or illustrate changes to the Kerberos ASN.1 module defined in
RFC4120. Since there is no complete module, there is no easy way
to mechanically verify these. However, on inspection they appear
correct, and multiple implementors have successfully used this
document as a basis for implementation.