The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
RFC 4757
Yes
No Objection
Note: This ballot was opened for revision 03 and is now closed.
Lars Eggert No Objection
(Sam Hartman; former steering group member) (was Discuss, Yes) Yes
(Cullen Jennings; former steering group member) No Objection
Document says that "3DES is not available" for export. Is this really right? Could it be made a little more precise.
(Dan Romascanu; former steering group member) No Objection
(David Kessens; former steering group member) No Objection
(Jari Arkko; former steering group member) No Objection
Like Cullen, I am concerned about the export control statements. We know for a fact that strong crypto is exportable, just look at what a random U.S. based security product vendor sells elsewhere in the world; of course its possible that there are conditions relating to the type of product or how its delivered, what country we are talking about etc. But it serves the IETF no good to make make broad statements like this in RFCs, someone may actually believe them and not use the best possible crypto. Please remove or qualify.
(Lisa Dusseault; former steering group member) No Objection
(Magnus Westerlund; former steering group member) No Objection
(Ross Callon; former steering group member) No Objection
(Russ Housley; former steering group member) (was Discuss) No Objection
I am also concerned about the "export language" raised by others, but I see no reason to "pile on" another DISCUSS on that point. I'm sure it will be fixed. In several places, SGN_ALG contains an integrity algorithm indicator. And the document says that "11 00 - HMAC". I hope that this means HMAC-MD5 and that HMAC-SHA1 might be used in the future with a value other than "11 00."