The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
RFC 4757
Yes
(Sam Hartman)
No Objection
Lars Eggert
(Dan Romascanu)
(David Kessens)
(Lisa Dusseault)
(Magnus Westerlund)
(Ross Callon)
Note: This ballot was opened for revision 03 and is now closed.
Lars Eggert
No Objection
Sam Hartman Former IESG member
(was Discuss, Yes)
Yes
Yes
()
Unknown
Cullen Jennings Former IESG member
No Objection
No Objection
(2006-09-12)
Unknown
Document says that "3DES is not available" for export. Is this really right? Could it be made a little more precise.
Dan Romascanu Former IESG member
No Objection
No Objection
()
Unknown
David Kessens Former IESG member
No Objection
No Objection
()
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(2006-09-14)
Unknown
Like Cullen, I am concerned about the export control statements. We know for a fact that strong crypto is exportable, just look at what a random U.S. based security product vendor sells elsewhere in the world; of course its possible that there are conditions relating to the type of product or how its delivered, what country we are talking about etc. But it serves the IETF no good to make make broad statements like this in RFCs, someone may actually believe them and not use the best possible crypto. Please remove or qualify.
Lisa Dusseault Former IESG member
No Objection
No Objection
()
Unknown
Magnus Westerlund Former IESG member
No Objection
No Objection
()
Unknown
Ross Callon Former IESG member
No Objection
No Objection
()
Unknown
Russ Housley Former IESG member
(was Discuss)
No Objection
No Objection
(2006-09-14)
Unknown
I am also concerned about the "export language" raised by others, but I see no reason to "pile on" another DISCUSS on that point. I'm sure it will be fixed. In several places, SGN_ALG contains an integrity algorithm indicator. And the document says that "11 00 - HMAC". I hope that this means HMAC-MD5 and that HMAC-SHA1 might be used in the future with a value other than "11 00."