A Pseudo-Random Function (PRF) API Extension for the Generic Security Service Application Program Interface (GSS-API)
RFC 4401

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    kitten mailing list <kitten@ietf.org>, 
    kitten chair <kitten-chairs@tools.ietf.org>
Subject: Protocol Action: 'A PRF API extension for the GSS-API' 
         to Proposed Standard 

The IESG has approved the following documents:

- 'A PRF API extension for the GSS-API'
   <draft-ietf-kitten-gssapi-prf-08.txt> as a Proposed Standard
- 'A PRF for the Kerberos V GSS-API Mechanism'
   <draft-ietf-kitten-krb5-gssapi-prf-05.txt> as a Proposed Standard

These documents are products of the Kitten (GSS-API Next Generation) 
Working Group. 

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-prf-08.txt

Technical Summary
 
   These documents define a Pseudo-Random Function (PRF) extension to
   the Generic Security Service Application Programming Interface
   (GSS-API) for keying application protocols given an established
   GSS-API security context and provide an implementation of that
   extension for the Kerberos V mechanism.  The primary intended use
   of this function is to key secure session layers that don't or
   cannot use GSS-API per-message MIC (message integrity check) and
   wrap tokens for session

 
Working Group Summary
 
   The Kitten working group participants are solidly behind this
   document.
   There were two areas of contention during its development.
   First, representatives of the Samba team desired that the PRF be
   designed to be compatible with the key export methods implemented by
   Microsoft for use with CIFS.  The working group consensus was that
   following Microsoft's direction would have compromised the security
   and usefulness of the PRF functionality.
   Second, there was a desire to include a Java Binding for the
   prf() method.  The Java Binding was removed from the document due to
   both a technical disagreement within the working group related to how
   it should be implemented as well as conflicts between IETF and Java
   Community Process processes.  
 
Protocol Quality
 
   There are no shipping implementations of this extension although there
   has been broad review and no concerns have been raised regarding the
   ability to implement the interfaces defined.
   Several vendors including MIT's Kerberos team, Heimdal and Sun
   Microsystems have indicated a desire to implement the extension.
   Ken Raeburn, Uri Blumenthal and Joe Salowey provided significant
   review.  This document has been reviewed for the IESG by Sam Hartman.


Note to RFC Editor
 
 In draft-ietf-kitten-krb5-gssapi-prf, replace the citation to
 [rfc1964] with a citation to [cfx] and remove the reference entry for
 [rfc1964].
 
 Just before section 2, delete the paragraph beginning "mechanisms may
 limit the output" and ending with "requested."

 In draft-ietf-kitten-gssapi-prf, replace the reference to RFC 1750
 with a reference to RFC 4086.