[kitten] Last Call: <draft-ietf-kitten-krb-spake-preauth-07.txt> (SPAKE Pre-Authentication) to Proposed Standard

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[kitten] Last Call: <draft-ietf-kitten-krb-spake-preauth-07.txt> (SPAKE Pre-Authentication) to Proposed Standard


The IESG has received a request from the Common Authentication Technology
Next Generation WG (kitten) to consider the following document: - 'SPAKE
  <draft-ietf-kitten-krb-spake-preauth-07.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
[hidden email] mailing lists by 2020-05-26. Exceptionally, comments may
be sent to [hidden email] instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.


   This document defines a new pre-authentication mechanism for the
   Kerberos protocol that uses a password authenticated key exchange.
   This document has three goals.  First, increase the security of
   Kerberos pre-authentication exchanges by making offline brute-force
   attacks infeasible.  Second, enable the use of second factor
   authentication without relying on FAST.  This is achieved using the
   existing trust relationship established by the shared first factor.
   Third, make Kerberos pre-authentication more resilient against time
   synchronization errors by removing the need to transfer an encrypted
   timestamp from the client.

The file can be obtained via

No IPR declarations have been submitted directly on this I-D.

Kitten mailing list
[hidden email]