Skip to main content

The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
RFC 4757

Yes

(Sam Hartman)

No Objection

Lars Eggert
(Dan Romascanu)
(David Kessens)
(Lisa Dusseault)
(Magnus Westerlund)
(Ross Callon)

Note: This ballot was opened for revision 03 and is now closed.

Lars Eggert No Objection

(Sam Hartman; former steering group member) (was Discuss, Yes) Yes

Yes ()

                            

(Cullen Jennings; former steering group member) No Objection

No Objection (2006-09-12)
Document says that "3DES is not available" for export. Is this really right? Could it be made a little more precise.

(Dan Romascanu; former steering group member) No Objection

No Objection ()

                            

(David Kessens; former steering group member) No Objection

No Objection ()

                            

(Jari Arkko; former steering group member) No Objection

No Objection (2006-09-14)
Like Cullen, I am concerned about the export control
statements. We know for a fact that strong crypto
is exportable, just look at what a random U.S. based
security product vendor sells elsewhere in the world;
of course its possible that there are conditions 
relating to the type of product or how its delivered,
what country we are talking about etc. But it serves 
the IETF no good to make make broad statements
like this in RFCs, someone may actually believe
them and not use the best possible crypto. Please
remove or qualify.

(Lisa Dusseault; former steering group member) No Objection

No Objection ()

                            

(Magnus Westerlund; former steering group member) No Objection

No Objection ()

                            

(Ross Callon; former steering group member) No Objection

No Objection ()

                            

(Russ Housley; former steering group member) (was Discuss) No Objection

No Objection (2006-09-14)
  I am also concerned about the "export language" raised by others, but
  I see no reason to "pile on" another DISCUSS on that point.  I'm sure
  it will be fixed.

  In several places, SGN_ALG contains an integrity algorithm indicator.
  And the document says that "11 00 - HMAC".  I hope that this means
  HMAC-MD5 and that HMAC-SHA1 might be used in the future with a value
  other than "11 00."