Skip to main content

Last Call Review of draft-ietf-krb-wg-gss-cb-hash-agility-
review-ietf-krb-wg-gss-cb-hash-agility-secdir-lc-moriarty-2011-12-04-00

Request Review of draft-ietf-krb-wg-gss-cb-hash-agility
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-11-29
Requested 2011-10-28
Authors Shawn M Emery
I-D last updated 2011-12-04
Completed reviews Genart Last Call review of -?? by Francis Dupont
Secdir Last Call review of -?? by Kathleen Moriarty
Assignment Reviewer Kathleen Moriarty
State Completed
Request Last Call review on draft-ietf-krb-wg-gss-cb-hash-agility by Security Area Directorate Assigned
Completed 2011-12-04
review-ietf-krb-wg-gss-cb-hash-agility-secdir-lc-moriarty-2011-12-04-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

Description: This document updates RFC4121<

http://tools.ietf.org/html/rfc4121

> to allow channel bindings using algorithms negotiated based on Kerberos
crypto framework as defined in RFC3961<

http://tools.ietf.org/html/rfc3961

>.  In addition, because this update makes use of the last extensible field in
the Kerberos client-server exchange message, extensions are defined to allow
future protocol extensions.

I think the document is ready.  The only suggestion would be to consider
expanding out the security consideration section to list any risks with using
or not using channel bindings.  Right now, it states it is up to the
application's policy, which is fine, but may leave developers with questions.

Telechat is on 12-30-2011

Thank you,
Kathleen