Kerberos WG (krb-wg) MON, July 10 at 0900-1130 (Room 519A) Audio Stream: http://www.ietf.org/audio//ietf667.m3u Jabber Server: jabber.ietf.org Room: kitten Meeting Materials: https://datatracker.ietf.org/public/meeting_materials.cgi?meeting_num=66 ===================================== Chair: Jeffrey Hutzelman AGENDA: Preliminaries - Chair (5 min) - Introduction - Blue Sheets - Scribe, Jabber - Remote Participation - Agenda Bashing Document Status - Chair (10 min) + Completed work Enctype Negotiation (RFC4537) PKINIT (RFC4556) PKINIT OCSP (RFC4557) GSSAPI PRF (RFC4401, RFC4402) + Active WG items: PKINIT ECC draft-zhu-pkinit-ecc-01 WGLC completed TCP Extensions draft-ietf-krb-wg-tcp-expansion-00 WGLC completed Naming draft-ietf-krb-wg-naming-00 WGLC in July Anonymous draft-ietf-krb-wg-anon-00 WGLC in July Referrals draft-ietf-krb-wg-kerberos-referrals-07 WGLC in August Extensions draft-ietf-krb-wg-rfc1510ter-02 WGLC in August Set/Change PW draft-ietf-krb-wg-kerberos-set-passwd-04 WGLC in August PKINIT Agility draft-ietf-krb-wg-pkinit-alg-agility-00 WGLC in November GSS Agility WGLC in November + Related work draft-jaganathan-kerberos-http-01 (in RFC Editor Queue) Web Authentication Enhancement BOF (Friday morning) Domain-Based Names draft-ietf-kitten-krb5-gssapi-domain-based-names-02.txt Information Model draft-johansson-kerberos-model-02 TLS draft-josefsson-kerberos5-starttls-00 (expired) One-Time Passwords draft-richards-otp-kerberos-00 Inter-KDC draft-zrelli-krb-xkdcp-00 Presentations Problem Statements on Cross-Realm Authentication (15 min + questions) Shoichi Sakane will discuss a variety of issues related to the current Kerberos cross-realm authentication model. These issues have led to a proposal for an inter-KDC protocol to support cross-realm operations, described in draft-zrelli-krb-xkdcp-00.txt; however, the presentation will focus on the issues themselves, rather than the details of the proposed extensions. OTP Kerberos (10 min + questions) draft-richards-otp-kerberos-00.txt Charter Discussion - Chair and Security AD(s) (20 min) The Kerberos working group has now been active for nearly 6 years. We have been charged with two broad tasks. The first is to "clarify and amplify the Kerberos specification", which we largely accomplished with the publication of RFC's 3961, 3962, and 4120. Our second task is to "select from existing proposals on new or extended functionality... and publish these as one or more Proposed Standards". This task is fairly open-ended to begin with, and we've been applying a somewhat loose interpretation, under which we could undertake work to solve any of the problems that were being considered at that time, even if we did not adopt a particular direction that was under discussion when the WG was formed. This broad task forms the basis for all of our current work items. Sam and I feel it is time to revisit the charter, and replace this broad, open-ended task with a specific list of work items. To that end, we'd like to hold a discussion in Montreal to develop a list of work items and milestones to be included in an updated charter. We expect such a list to include items the group is already working on, and previously-discussed proposals which the working group wants to take on as work items. It should not include items which have not already been discussed -- this is not an open call for ideas. Of course, it is still appropriate for the group to listen to proposals for new work from time to time, and request a charter update to add new work items it feels are appropriate. Technical Discussion (60 min) - Naming/Anonymous - Larry Zhu - PKINIT Agility - Larry Zhu, Love Hörnquist-Åstrand - Referrals - Ken Raeburn - Extensions - Tom Yu