
Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol
RFC 6251

Yes

(Tim Polk)

No Objection

Lars Eggert
(Adrian Farrel)
(Cullen Jennings)
(Jari Arkko)
(Ralph Droms)
(Robert Sparks)
(Ron Bonica)
(Ross Callon)
(Russ Housley)

Note: This ballot was opened for revision 09 and is now closed.

Lars Eggert No Objection

(Tim Polk; former steering group member) Yes


(Adrian Farrel; former steering group member) No Objection


(Alexey Melnikov; former steering group member) (was Discuss) No Objection

No Objection (2010-02-03)
To answer my previous comment: the id-krb5starttls-san OID is already allocated, so nothing needs to be done by IANA.

(Cullen Jennings; former steering group member) No Objection


(Jari Arkko; former steering group member) (was Discuss) No Objection


(Peter Saint-Andre; former steering group member) (was Discuss) No Objection

No Objection (2010-08-16)
Per discussion with the author on the krb-wg list, the responsible AD shall add an RFC Editor note changing this existing text:

   Many client environments do not have secure long-term storage, which
   is required to validate certificates.  This makes it impossible to
   use server certificate validation on a large number of client
   systems.

to this agreed-upon modification:

   In order to safely validate certificates, a client needs access to
   secure long-term storage.  However, many client environments do not
   provide secure long-term storage (e.g., because the machine has been
   compromised).  This makes it impossible to use server certificate
   validation on a large number of client systems.

NOTE: per further discussion to harmonize the proposed text with suggested text from Magnus Nystrom, the text will be changed to:

   Since many client environments do not have access to long-term
   storage, or to long-term storage that is sufficiently secure to
   enable validation of server certificates, the Kerberos V5
   STARTTLS protocol does not require clients to verify server
   certificates.

(Ralph Droms; former steering group member) (was Discuss, No Objection) No Objection


(Robert Sparks; former steering group member) No Objection


(Ron Bonica; former steering group member) No Objection


(Ross Callon; former steering group member) No Objection


(Russ Housley; former steering group member) No Objection
