SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
draft-jaganathan-kerberos-http-01

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: RFC Editor <rfc-editor@rfc-editor.org>
Cc: The IESG <iesg@ietf.org>, <iana@iana.org>, ietf-announce@ietf.org
Subject: Re: Informational RFC to be: 
         draft-jaganathan-kerberos-http-02.txt 

The IESG has no problem with the publication of 'Kerberos based HTTP 
Authentication in Windows' <draft-jaganathan-kerberos-http-02.txt> as an 
Informational RFC. 

The IESG would also like the IRSG or RFC-Editor to review the comments in 
the datatracker 
(https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=13247&rfc_flag=0) 
related to this document and determine whether or not they merit 
incorporation into the document. Comments may exist in both the ballot 
and the comment log. 

The IESG contact person is Scott Hollenbeck.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-jaganathan-kerberos-http-02.txt


The process for such documents is described at http://www.rfc-editor.org/indsubs.html.

Thank you,

The IESG Secretary

Ballot Text

Technical Summary
 
This document describes how the Microsoft Internet Explorer (MSIE)
and Internet Information Services (IIS) incorporated in Microsoft
Windows 2000 use Kerberos for security enhancements of web
transactions.  The Hypertext Transport Protocol (HTTP) auth-scheme of
"negotiate" is defined here; when the negotiation results in the
selection of Kerberos, the security services of authentication and
optionally impersonation(the IIS server assuming the windows identity
of the principal which has been authenticated) are performed.  This
document explains how HTTP authentication utilizes the Simple and
Protected GSS-API Negotiation mechanism.  Details of SPNEGO
implementation are not provided in this document.
 
Working Group Summary
 
This document is the work of individual submitters who asked the
RFC Editor to publish it as an Informational RFC.  Thought it has
been evaluated by the IESG for conflicts with existing IETF work,
it has not been reviewed by an IETF working group.
 
Protocol Quality
 
Scott Hollenbeck and Sam Hartman have reviewed the document for the
IESG.  AD evaluation comments can be found in the I-D tracker.  The
authors claim that the mechanism described in the document has been
implemented in the Microsoft Internet Explorer (MSIE) and Internet
Information Services (IIS) incorporated in Microsoft Windows 2000.

IESG Note

This RFC is not a candidate for any level of Internet Standard.
The IETF disclaims any knowledge of the fitness of this RFC for
any purpose and in particular notes that the decision to publish
is not based on IETF review for such things as security,
congestion control, or inappropriate interaction with deployed
protocols.  The RFC Editor has chosen to publish this document at
its discretion.  Readers of this document should exercise caution
in evaluating its value for implementation and deployment.  See
RFC 3932 for more information.

Note to the RFC Editor

Please review the IESG evaluation comments found in the datatracker,
including suggestions from multiple Area Directors to change the title
of the document to include "Microsoft" with "Windows".

RFC Editor Note