Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP
draft-ietf-krb-wg-tcp-expansion-02

[Ballot comment]
I like the 'Interoperability considerations' section. It is provides a short and clear explanation of interoperability and backwards compatibility problems, suggests possible actions on hosts stack and explains what is left unsolved, making possible an educated decision.

[Ballot comment]
Section 30, paragraph 1:
>    IANA will register values 0 to 29 after IESG Approval, as defined in
>    BCP 64 [2].  Assigning value 30 requires a Standards Action that
>    update or obsolete this document.

  I don't understand why 30 is treated as a special case here.

[Ballot discuss]
Appendix A., paragraph 1:
>    Regarding this entire document or any portion of it, the author makes
>    no guarantees and is not responsible for any damage resulting from
>    its use.  The author grants irrevocable permission to anyone to use,
>    modify, and distribute it in any way that does not diminish the
>    rights of anyone else to use, modify, and distribute it, provided
>    that redistributed derivative works do not contain misleading author
>    or version information.  Derivative works need not be licensed under
>    similar terms.

  DISCUSS: How does this statement interact with the IETF copyright
  boilerplate? (Will clear as soon as that's been clarified.)

IANA Last Call Comments:

Upon approval of this document, the IANA will create
the following registry "Kerberos TCP Extensions"
located at

http://www.iana.org/assignments/TBD

The policy for this registry is that IANA will
register values 0 to 29 after IESG Approval, as
defined in BCP 64 [2]. Assigning value 30
requires a Standards Action that update or
obsolete this document.

Initial contents of this registry will be:


Bit # Reference
----- ---------
0..29 AVAILABLE for registration.
30 RESERVED. [RFC-krb-wg-tcp-expansion-01]

We understand the above to be the only IANA
Action for this document.

PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

>> The Document Shepard for this document is Jeffrey Hutzelman,
>> . I have reviewed this document and believe
>> it is ready for publication.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

>> This document has been reviewed by several key participants
>> in the Kerberos working group, who are well-equipped to
>> evaluate the extension mechanism it describes. Given the
>> nature of this document, I don't feel it needs review from
>> any specific individuals outside the working group.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

>> This document specifies a fairly straightforward extension
>> mechanism for the Kerberos protocol. I don't feel that any
>> particular broader review is required, though of course,
>> more review and comments are always welcome.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if those issues have been discussed in the WG and the
WG has indicated that it still wishes to advance the document,
detail those concerns here.

>> No, I have no particular concerns about this document.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

>> This document has been actively reviewed by working group
>> participants, some of whom have contributed substantive
>> changes. I believe there is strong consensus within the
>> group for this approach. There were one or two individuals
>> who expressed an opinion that this extension mechanism should
>> not move forward unless/until we have an extension in the
>> pipeline which would use it. However, this was not the
>> consensus of the working group.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire will
be entered into the ID Tracker.)

>> While the consensus to move the document forward at this time
>> was not unanimous (see above), there has been no indication
>> from those individuals who did not agree with the consensus
>> that they were dissatisfied or would appeal.

(1.g) Has the Document Shepherd verified that the document satisfies
all ID nits? (See http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough.

>> This document has been run through the idnits tool, and was
>> reviewed manually for compliance with requirements not checked
>> by the automatic tool. No problems were found.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

>> This document contains no non-normative references. All
>> normative references are to published RFC's.


Technical Summary

This document describes an extensibility mechanism for the Kerberos
v5 protocol when used over TCP transports.


Working Group Summary

This document represents the consensus of the Kerberos Working Group.


Document Quality

At least one implementor has indicated an intent to implement both
this extension mechanism and an extension which makes use of it.
Others have indicated no current plans to do so, but this is not
surprising given the (current) lack of standards-track extensions
which make use of this mechanism.

The document shepherd for this document was Jeffrey Hutzelman.
The responsible Area Director was Sam Hartman