Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension
RFC 8070

Note: This ballot was opened for revision 07 and is now closed.

(Stephen Farrell) Yes

(Jari Arkko) (was Discuss) No Objection

Comment (2016-12-01)
No email
send info
This was a Discuss, but I changed it to a comment because we don't need both me and Kathleen holding the same issue: "I am concerned about the issue that Russ Housley raised in his Gen-ART review: bad practices in creating the freshness tokens creates a security issue. If this cannot be handled in the way that Russ initially suggested (setting a minimum number of bits) then a proper discussion of the issue and recommendations to avoid the problems need to be included in the security considerations section."

Other issues from Russ' Gen-ART review should also be addressed (editorial ones + possible max size).

(Alia Atlas) No Objection

(Deborah Brungard) No Objection

(Ben Campbell) No Objection

(Benoît Claise) No Objection

Comment (2016-12-01)
No email
send info
As mentioned by Scott Bradner in his OPS-DIR review, some words about operational guidance (not implementation guidance) would be welcome: "
what kind of message could the operator give to their users to minimize the disruption when errors start popping up " would be welcome.

(Alissa Cooper) No Objection

(Spencer Dawkins) No Objection

(Joel Jaeggli) No Objection

(Suresh Krishnan) No Objection

(Mirja Kühlewind) No Objection

(Terry Manderson) No Objection

(Alexey Melnikov) No Objection

(Kathleen Moriarty) (was Discuss) No Objection

Comment (2016-12-20)
No email
send info
Thanks for covering my prior discuss with a paragraph provided as an RFC editor note.

Alvaro Retana No Objection