Skip to main content

Kerberos Cryptosystem Negotiation Extension
draft-zhu-kerb-enctype-nego-04

Revision differences

Document history

Date Rev. By Action
2006-02-20
04 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2006-02-10
04 Amy Vezza IESG state changed to Approved-announcement sent
2006-02-10
04 Amy Vezza IESG has approved the document
2006-02-10
04 Amy Vezza Closed "Approve" ballot
2006-02-03
04 Amy Vezza State Changes to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation by Amy Vezza
2006-02-03
04 (System) Removed from agenda for telechat - 2006-02-02
2006-02-02
04 Alex Zinin [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin
2006-02-02
04 Bill Fenner [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner
2006-02-02
04 Bert Wijnen [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen
2006-02-01
04 David Kessens [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens
2006-02-01
04 Michelle Cotton IANA Comments:
As described in the IANA Considerations section, we understand there to be NO IANA Actions for this document.
2006-02-01
04 Brian Carpenter [Ballot Position Update] Position for Brian Carpenter has been changed to No Objection from Undefined by Brian Carpenter
2006-01-31
04 Scott Hollenbeck [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck
2006-01-31
04 Ted Hardie [Ballot Position Update] New position, No Objection, has been recorded for Ted Hardie by Ted Hardie
2006-01-30
04 Russ Housley [Ballot comment]
In the Abstract:
  s/Kerberos protocol/Kerberos protocol as defined in RFC 4120/
2006-01-30
04 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley by Russ Housley
2006-01-30
04 Brian Carpenter
[Ballot comment]
KDC should be defined where first used (line 1 of the Introduction).

At the end of section 3:
  The server MAY ignore …
[Ballot comment]
KDC should be defined where first used (line 1 of the Introduction).

At the end of section 3:
  The server MAY ignore the preference order indicated by the client.
  The policy by which the client or the server chooses an enctype
  (i.e., how the preference order for the supported enctypes is
  selected) is a local matter.

Would it be useful to observe that this would actually allow
a local decision to prefer weaker security than chosen by the KDC?
2006-01-30
04 Brian Carpenter [Ballot Position Update] New position, Undefined, has been recorded for Brian Carpenter by Brian Carpenter
2006-01-29
04 Sam Hartman [Note]: 'Proto shepherd: jhutz@cmu.edu' added by Sam Hartman
2006-01-29
04 Sam Hartman State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Sam Hartman
2006-01-27
04 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2006-01-25
04 Sam Hartman [Ballot Position Update] New position, Yes, has been recorded for Sam Hartman
2006-01-25
04 Sam Hartman Ballot has been issued by Sam Hartman
2006-01-25
04 Sam Hartman Created "Approve" ballot
2006-01-13
04 Amy Vezza Last call sent
2006-01-13
04 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2006-01-13
04 Sam Hartman Placed on agenda for telechat - 2006-02-02 by Sam Hartman
2006-01-13
04 Sam Hartman Last Call was requested by Sam Hartman
2006-01-13
04 Sam Hartman State Changes to Last Call Requested from AD Evaluation by Sam Hartman
2006-01-13
04 (System) Ballot writeup text was added
2006-01-13
04 (System) Last call text was added
2006-01-13
04 (System) Ballot approval text was added
2006-01-13
04 Sam Hartman
  1.a) Have the chairs personally reviewed this version of the Internet
        Draft (ID), and in particular, do they believe this …
  1.a) Have the chairs personally reviewed this version of the Internet
        Draft (ID), and in particular, do they believe this ID is ready
        to forward to the IESG for publication?

    >> Yes.

  1.b) Has the document had adequate review from both key WG members
        and key non-WG members?  Do you have any concerns about the
        depth or breadth of the reviews that have been performed?

    >> The document has been reviewed by key working group members.
    >> I don't feel there are any specific key individuals outside
    >> the working group whose review is essential at this stage.
    >> We do have significant overlap with groups whose work is
    >> most likely to be affected, such as KITTEN.

  1.c) Do you have concerns that the document needs more review from a
        particular (broader) perspective (e.g., security, operational
        complexity, someone familiar with AAA, etc.)?

    >> Given the nature of the extension, I don't believe any
    >> particular broader review is required.  However, this
    >> extension adds new functionality to the Kerberos protocol
    >> which can be enjoyed only by Kerberos applications which
    >> make full use of sub-keys rather than mandating the direct
    >> use of Kerberos session keys.  As a result, some existing
    >> applications may not be able to take advantage of the new
    >> capability.  It is worth noting that applications which make
    >> use of authentication frameworks such as SASL or GSS-API
    >> _will_ be able to transparently use the new feature.

  1.d) Do you have any specific concerns/issues with this document that
        you believe the ADs and/or IESG should be aware of?  For
        example, perhaps you are uncomfortable with certain parts of the
        document, or have concerns whether there really is a need for
        it.  In any event, if your issues have been discussed in the WG
        and the WG has indicated it that it still wishes to advance the
        document, detail those concerns in the write-up.

    >> No, I have no particular concerns about this document.

  1.e) How solid is the WG consensus behind this document? Does it
        represent the strong concurrence of a few individuals, with
        others being silent, or does the WG as a whole understand and
        agree with it?

    >> There seems to be consensus behind this document among
    >> active participants in the working group.

  1.f) Has anyone threatened an appeal or otherwise indicated extreme
        discontent?  If so, please summarise the areas of conflict in
        separate email to the Responsible Area Director.

    >> No.

  1.g) Have the chairs verified that the document adheres to all of the
        ID nits? (see http://www.ietf.org/ID-Checklist.html).

    >> The automatic id-nits processor reports one line above 72
    >> characters; this can and should be fixed in editing.
    >>
    >> This document defines a new Kerberos authorization data type.
    >> As described in RFC4120, that registry is currently maintained
    >> by this WG, pending completion of an update to the Kerberos
    >> specifciation.  Thus, no IANA action is required.


  1.h) Is the document split into normative and informative references?
        Are there normative references to IDs, where the IDs are not
        also ready for advancement or are otherwise in an unclear state?
        (note here that the RFC editor will not publish an RFC with
        normative references to IDs, it will delay publication until all
        such IDs are also ready for publication as RFCs.)

    >> This document contains no non-normative references, aside
    >> from a spurious reference to RFC2743 (not used in the text)
    >> which should be removed.  All normative references are to
    >> published RFC's or ITU-T specifications.


Technical Summary

  This document specifies an extension to the Kerberos protocol where
  the client can send a list of supported encryption types in
  decreasing preference order, and the server then selects an
  encryption type that is supported by both the client and the server.


Working Group Summary

  This document represents the consensus of the Kerberos Working Group.


Protocol Quality

  At least one major implementor has already implemented this extension,
  and others have indicated their intent to do so.  This protocol was
  reviewed by Jeffrey Hutzelman.
2006-01-13
04 Sam Hartman State Change Notice email list have been change to jhutz@cmu.edu, lzhu@microsoft.com from jhutz@cmu.edu
2006-01-13
04 Sam Hartman State Changes to AD Evaluation from Publication Requested by Sam Hartman
2006-01-06
04 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2005-10-24
04 (System) New version available: draft-zhu-kerb-enctype-nego-04.txt
2005-07-21
03 (System) New version available: draft-zhu-kerb-enctype-nego-03.txt
2005-05-27
02 (System) New version available: draft-zhu-kerb-enctype-nego-02.txt
2005-04-01
01 (System) New version available: draft-zhu-kerb-enctype-nego-01.txt
2005-01-17
00 (System) New version available: draft-zhu-kerb-enctype-nego-00.txt