[kitten] Protocol Action: 'Anonymity Support for Kerberos' to Proposed Standard (draft-ietf-kitten-rfc6112bis-03.txt)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[kitten] Protocol Action: 'Anonymity Support for Kerberos' to Proposed Standard (draft-ietf-kitten-rfc6112bis-03.txt)

The IESG
The IESG has approved the following document:
- 'Anonymity Support for Kerberos'
  (draft-ietf-kitten-rfc6112bis-03.txt) as Proposed Standard

This document is the product of the Common Authentication Technology Next
Generation Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-rfc6112bis/





Technical Summary

This document describes Kerberos extensions for client anonymity
support.  These extensions give Kerberos clients the ability to
authenticate and securely communicate with a service, without revealing
the client identity.  Two methods are described; one that only reveals
the client’s identity to its own KDC, and another that utilizes
anonymous PKINIT to hide the client identity completely.

Working Group Summary

There is consensus among the WG for this document, and as a “bis”
document all errata have been considered. Aside from a few editorial
corrections, there are three primary changes to the
specification.  First, when using the anonymous PKINIT method, the
ticket session key is derived using the KRB-FX-CF2 operation, which
requires two input constants “pepper1” and “pepper2”.  The
“pepper2”  constant was incorrect in RFC 6112 and has been chang
ed to its correct value.  Second, the need for setting the anonymous
KDC flag in a anonymous TGS request changed from a MUST to a
SHOULD.  Third, a new paragraph has been added which clarifies a MITM
scenario that is prevented by the anonymous PKINIT session-key
derivation method.

Document Quality

This is request for publication of a Standards Track document to
obsolete RFC 6112, which had technical errors that made the described
extensions inoperable with existing implementations.

Personnel

Matt Rogers is the document shepherd.  Stephen Farrell is the
responsible Area Director.


_______________________________________________
Kitten mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/kitten