The Unencrypted Form of Kerberos 5 KRB-CRED Message
RFC 6448

Note: This ballot was opened for revision 03 and is now closed.

(Stephen Farrell) Yes

(Jari Arkko) (was Discuss) No Objection

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

(Wesley Eddy) No Objection

(Adrian Farrel) No Objection

(David Harrington) (was Discuss) No Objection

Comment (2011-08-22 for -)
No email
send info
"can been" -> "has been" or "can be"

(Russ Housley) (was Discuss, No Objection, Discuss) No Objection

Comment (2011-08-26)
No email
send info
Please consider the editorial comments in the Gen-ART Review by
  Kathleen Moriarty on 24-Aug-2011.

(Pete Resnick) No Objection

Comment (2011-08-22 for -)
No email
send info
This document does describe how to do something (albeit unsavory) in an interoperable manner, and I can imagine this document being refined with experience, so it is at least plausible to leave on the standards track. And the document does have serious admonitions about how this protocol ought to be used. I share Dave's discomfort, but I think this document has an acceptable level of warning to implementers.

(Dan Romascanu) No Objection

Comment (2011-08-24 for -)
No email
send info
1. I share the feeling of uneasiness expressed by DBH about putting this document on the standards track. I expect the security experts to ease my concerns. 

2. In the IANA considerations section: 

 The reference for Kerberos encryption type 0 should be updated to
   point to this document.

It would be probably good to mention that this is the Kerberos Encryption Type Numbers in the Kerberos parameters registry. Should not it also say something like 'message not encrypted' instead of 'reserved'? 

(Peter Saint-Andre) No Objection

Comment (2011-08-23 for -)
No email
send info
It would be nice if this document included a sentence or two about why the KRB-CRED Message was removed between RFC 1510 and RFC 4510, and why it's important to bring that feature back now. As it is, that history is hidden in the mail archive, so it appears to the naive reader that the KRB-CRED Message is a new feature.

(Robert Sparks) No Objection

(Sean Turner) No Objection