[kitten] I-D Action: draft-ietf-kitten-krb-spake-preauth-09.txt

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[kitten] I-D Action: draft-ietf-kitten-krb-spake-preauth-09.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Common Authentication Technology Next Generation WG of the IETF.

        Title           : SPAKE Pre-Authentication
        Authors         : Nathaniel McCallum
                          Simo Sorce
                          Robbie Harwood
                          Greg Hudson
        Filename        : draft-ietf-kitten-krb-spake-preauth-09.txt
        Pages           : 37
        Date            : 2020-06-10

   This document defines a new pre-authentication mechanism for the
   Kerberos protocol that uses a password authenticated key exchange.
   This document has three goals.  First, increase the security of
   Kerberos pre-authentication exchanges by making offline brute-force
   attacks infeasible.  Second, enable the use of second factor
   authentication without the need for a separately-established secure
   channel.  This is achieved using the existing trust relationship
   established by the shared first factor.  Third, make Kerberos pre-
   authentication more resilient against time synchronization errors by
   removing the need to transfer an encrypted timestamp from the client.

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:

Kitten mailing list
[hidden email]