Skip to main content

Last Call Review of draft-ietf-kitten-rfc4402bis-01

Request Review of draft-ietf-kitten-rfc4402bis
Requested revision No specific revision (document currently at 02)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-12-04
Requested 2015-11-26
Authors Shawn M Emery , Nicolás Williams
I-D last updated 2015-12-03
Completed reviews Genart Last Call review of -01 by Christer Holmberg (diff)
Secdir Last Call review of -01 by Charlie Kaufman (diff)
Opsdir Last Call review of -01 by Susan Hares (diff)
Assignment Reviewer Charlie Kaufman
State Completed Snapshot
Review review-ietf-kitten-rfc4402bis-01-secdir-lc-kaufman-2015-12-03
Reviewed revision 01 (document currently at 02)
Result Ready
Completed 2015-12-03

I have reviewed this document as part of the security directorate's ongoing

effort to review all IETF documents being processed by the IESG.  Document

editors and WG chairs should treat these comments just like any other last

call comments.

This is effectively a one byte change to RFC4402 to correct for the fact that
the deployed implementations do not match the current spec. While it's open,
there is also the addition of some sample data to assure the problem won't
happen again (or at least
 if it does, the sample data will indicate the correct interpretation).

RFC4402 was already covering a detail of the Kerberos V5 design that probably
should have been folded into another RFC rather than getting its own, so this
change is truly covering a small detail (albeit one the affects
interoperability of implementations).

Note that this spec defines a PRF function in what today would be considered a
non-standard way. But the changed spec will reflect the state of the deployed
base and there are no known cryptographic weaknesses in the algorithm specified