From nobody Wed Feb 1 00:09:10 2017 Return-Path: X-Original-To: kitten@ietf.org Delivered-To: kitten@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AA02A129407; Wed, 1 Feb 2017 00:09:09 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "Alexey Melnikov" To: "The IESG" X-Test-IDTracker: no X-IETF-IDTracker: 6.41.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148593654967.24569.8267806412506317071.idtracker@ietfa.amsl.com> Date: Wed, 01 Feb 2017 00:09:09 -0800 Archived-At: Cc: kitten@ietf.org, draft-ietf-kitten-krb-auth-indicator@ietf.org, kitten-chairs@ietf.org Subject: [kitten] Alexey Melnikov's No Objection on draft-ietf-kitten-krb-auth-indicator-06: (with COMMENT) X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2017 08:09:09 -0000 Alexey Melnikov has entered the following ballot position for draft-ietf-kitten-krb-auth-indicator-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-auth-indicator/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ASN.1 needs a reference. Also, it would be good to have an example of how the Level of Assurance URIs can be used, as I couldn't figure this out just by looking at already registered values from the referenced IANA registry. From nobody Wed Feb 1 03:36:18 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2DA0129D1E for ; Wed, 1 Feb 2017 03:36:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.12 X-Spam-Level: X-Spam-Status: No, score=-10.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8z9D6rel9GyF for ; Wed, 1 Feb 2017 03:36:15 -0800 (PST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F9A9129D1C for ; Wed, 1 Feb 2017 03:36:15 -0800 (PST) Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 38DBB7FB72; Wed, 1 Feb 2017 11:36:16 +0000 (UTC) Received: from rhino.ipa.ssimo.org ([10.34.248.129]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v11BaDx5006108 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 1 Feb 2017 06:36:15 -0500 Message-ID: <1485948972.6128.4.camel@redhat.com> From: Simo Sorce To: Benjamin Kaduk , kitten@ietf.org Date: Wed, 01 Feb 2017 06:36:12 -0500 In-Reply-To: <20170125021244.GH8460@kduck.kaduk.org> References: <20170125021244.GH8460@kduck.kaduk.org> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 01 Feb 2017 11:36:16 +0000 (UTC) Archived-At: Subject: Re: [kitten] Call for adoption: draft-mccallum-kitten-krb-service-discovery X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2017 11:36:17 -0000 On Tue, 2017-01-24 at 20:12 -0600, Benjamin Kaduk wrote: > Hi all, > > This message begins a two-week call for adoption of > draft-mccallum-kitten-krb-service-discovery (the current version of > which is > https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discove > ry-03). > > Though to some extent the document is documenting an existing > deployment, > there may be value to be gained from having WG approval of a > mechanism > perceived as a general improvement to the kerberos protocol. > > Please send messages of support, opposition, and other comments to > the > WG list. I support adopting this document. Simo. From nobody Wed Feb 1 06:01:57 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25467129418 for ; Wed, 1 Feb 2017 06:01:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.421 X-Spam-Level: X-Spam-Status: No, score=-1.421 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AcHhM8-1srnK for ; Wed, 1 Feb 2017 06:01:49 -0800 (PST) Received: from mail-yw0-f180.google.com (mail-yw0-f180.google.com [209.85.161.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EAAF12944C for ; Wed, 1 Feb 2017 06:01:45 -0800 (PST) Received: by mail-yw0-f180.google.com with SMTP id w75so62097959ywg.1 for ; Wed, 01 Feb 2017 06:01:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ngzTDvuZEtwCFXPXHvWntNokXTAz81hxOVCv5SlxnVs=; b=iM9XUY4b3Mrgh40a9O8HWviJj7TAaB4LjoUzmfN1/eNa0JKdYsuhPrA5iHdcIzoV/s T+kFzdds2DdxZusZ8GQq6tyGF3dlC42DHldtD9Nt9AZIh8WIUlDcQnqwiwfJbTf7KFN/ m8QUuYTkRAflJxtvgS0JGGikBGurrCJQPk+TJV2oj5wRJ4botRXlZ36FYJjFmrdWdI/S 3hHRaCMpAZFHY0CbAltNGFRHYGFFQ9PBmuSEX8/7vUL5Ujmz0pP8DlMTaV+8K5Gqo86J +jd+hk7QHM0LP+nidI54+YX0nRZbWtsaapF56aMavE8fIS5faM0D4Eld75AE3TcaXfbF PDiQ== X-Gm-Message-State: AIkVDXIgkgT7EBsvHovoXltujelaCPMXDMAo+Vi89e3mk1ougWOWHKmRjp5IFDGdLKm4szoI3L4F+axqCS7LDbL0 X-Received: by 10.55.21.196 with SMTP id 65mr2790851qkv.230.1485957704927; Wed, 01 Feb 2017 06:01:44 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.168.220 with HTTP; Wed, 1 Feb 2017 06:01:14 -0800 (PST) In-Reply-To: <20170125021244.GH8460@kduck.kaduk.org> References: <20170125021244.GH8460@kduck.kaduk.org> From: Matt Rogers Date: Wed, 1 Feb 2017 09:01:14 -0500 Message-ID: To: Benjamin Kaduk Content-Type: text/plain; charset=UTF-8 Archived-At: Cc: kitten@ietf.org Subject: Re: [kitten] Call for adoption: draft-mccallum-kitten-krb-service-discovery X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2017 14:01:55 -0000 As co-author of the draft I support its adption. Regards, Matt From nobody Wed Feb 1 13:42:57 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04D8B129A64; Wed, 1 Feb 2017 13:42:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.099 X-Spam-Level: X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.199] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGCh0irRjyjK; Wed, 1 Feb 2017 13:42:47 -0800 (PST) Received: from p130.piuha.net (p130.piuha.net [IPv6:2a00:1d50:2::130]) by ietfa.amsl.com (Postfix) with ESMTP id 03DD11295DC; Wed, 1 Feb 2017 13:42:34 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 56AC32D299; Wed, 1 Feb 2017 23:42:33 +0200 (EET) (envelope-from jari.arkko@piuha.net) X-Virus-Scanned: amavisd-new at piuha.net Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmnQlkihM_DQ; Wed, 1 Feb 2017 23:42:32 +0200 (EET) Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id 7D5642CC9B; Wed, 1 Feb 2017 23:42:32 +0200 (EET) (envelope-from jari.arkko@piuha.net) Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Content-Type: multipart/signed; boundary="Apple-Mail=_5DD3C1ED-684C-4A16-8944-49B1D744E684"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Pgp-Agent: GPGMail From: Jari Arkko In-Reply-To: <20161225182404.GN8460@kduck.kaduk.org> Date: Wed, 1 Feb 2017 22:42:32 +0100 Message-Id: <98EA1299-05B2-4AE2-A3AE-B88544CA4AE5@piuha.net> References: <148243567232.26011.10783984451734200377.idtracker@ietfa.amsl.com> <20161225182404.GN8460@kduck.kaduk.org> To: Benjamin Kaduk X-Mailer: Apple Mail (2.1878.6) Archived-At: Cc: kitten@ietf.org, gen-art@ietf.org, draft-ietf-kitten-krb-auth-indicator.all@ietf.org, ietf@ietf.org, Robert Sparks Subject: Re: [kitten] Review of draft-ietf-kitten-krb-auth-indicator-04 X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2017 21:42:48 -0000 --Apple-Mail=_5DD3C1ED-684C-4A16-8944-49B1D744E684 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Many thanks for the review, Robert. These reviews are much appreciated, and at least from my perspective, improve the quality of the RFCs. Happy to hear from Benjamin that he=92s considering the editorial issues = Robert found in this case. Jari --Apple-Mail=_5DD3C1ED-684C-4A16-8944-49B1D744E684 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYklZIAAoJEM80gCTQU46qGYsP/R6Iut6xUmWprcpZlSx8AoJ+ 7MoZaw510bodje5COhRoFSH0dkqNlV0XE/LWlGytHx44TJlFxIWgasXo/hCvhQSr KG4NS3Wi/ue12EkZPd5yDOw46oyHiKJ57c6ug/lkbcEDFKVG5B3tSIfJaKEwogDR bByE+MMxriAf8wLSnJiS67eOJowoOSpVktzRQFPBLc08gG3Bep1uYFAqYY2x42PV xmPmaV8OgaE+FGq3JLLDHcfL0IzkAKz3pJjiR05rXfV6onRGDhk9MDzbcg0kJyAM SO5IcjLZDzkS37mL7aK370I5JRbrExng1+4muTMb+4rcn7fmGEDeNwcIWlwkwVjU y9OV5luFfo00/H+oNEUo/iIrCtvv4PTbdbPXOsFEHG4UNAn+4FC3zir/IVKHviGo 9r1G++sA4Yd1AMVoYqtl8I0/ThsCQerpchyMf+ryCJLMMFviHTgaEyvX24QTzzwN k9jUgVZ3dB+mV09nDBfHxKRskJ/P81PCWtQxJuYUEjjDlKfTQBndX200CpxSzz72 wFxQ9ypdNcmP1USuFaydbWXt40fleYtTMeLu2/fdsgkP9N1wZXrjaUF99SWghbzU LOsrkXsf68puoGx9C+kqNdN/enuUAF4zCE/P0QZlbn3RzvLa/65NZ2x6/WpS7V1J +V/O12NZQBr3nWZQOHJ5 =Sjy0 -----END PGP SIGNATURE----- --Apple-Mail=_5DD3C1ED-684C-4A16-8944-49B1D744E684-- From nobody Wed Feb 1 17:32:46 2017 Return-Path: X-Original-To: kitten@ietf.org Delivered-To: kitten@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 21501129588; Wed, 1 Feb 2017 17:32:41 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "Ben Campbell" To: "The IESG" X-Test-IDTracker: no X-IETF-IDTracker: 6.42.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148599916110.18684.6832861501031672.idtracker@ietfa.amsl.com> Date: Wed, 01 Feb 2017 17:32:41 -0800 Archived-At: Cc: kitten@ietf.org, draft-ietf-kitten-krb-auth-indicator@ietf.org, kitten-chairs@ietf.org Subject: [kitten] Ben Campbell's No Objection on draft-ietf-kitten-krb-auth-indicator-06: (with COMMENT) X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Feb 2017 01:32:41 -0000 Ben Campbell has entered the following ballot position for draft-ietf-kitten-krb-auth-indicator-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-auth-indicator/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Please expand CANMAC and KDC on first mention. From nobody Wed Feb 1 17:34:10 2017 Return-Path: X-Original-To: kitten@ietf.org Delivered-To: kitten@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C36A129588; Wed, 1 Feb 2017 17:34:10 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "Ben Campbell" To: "The IESG" X-Test-IDTracker: no X-IETF-IDTracker: 6.42.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148599925010.18606.3264883101243783526.idtracker@ietfa.amsl.com> Date: Wed, 01 Feb 2017 17:34:10 -0800 Archived-At: Cc: kitten@ietf.org, draft-ietf-kitten-krb-auth-indicator@ietf.org, kitten-chairs@ietf.org Subject: [kitten] Ben Campbell's No Objection on draft-ietf-kitten-krb-auth-indicator-06: (with COMMENT) X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Feb 2017 01:34:10 -0000 Ben Campbell has entered the following ballot position for draft-ietf-kitten-krb-auth-indicator-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-auth-indicator/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Please expand CAMMAC and KDC on first mention. (Edited because I apparently can't spell CAMMAC) From nobody Tue Feb 7 19:54:52 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7164129842 for ; Tue, 7 Feb 2017 19:54:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RSDNi8enRY4i for ; Tue, 7 Feb 2017 19:54:48 -0800 (PST) Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AACEA129810 for ; Tue, 7 Feb 2017 19:54:48 -0800 (PST) X-AuditID: 1209190f-45fff70000001dde-a4-589a9685b01d Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 08.00.07646.5869A985; Tue, 7 Feb 2017 22:54:47 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id v183sjAU027452 for ; Tue, 7 Feb 2017 22:54:45 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v183sgqM009731 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 7 Feb 2017 22:54:45 -0500 Date: Tue, 7 Feb 2017 21:54:42 -0600 From: Benjamin Kaduk To: kitten@ietf.org Message-ID: <20170208035442.GL8460@kduck.kaduk.org> References: <20170125021244.GH8460@kduck.kaduk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170125021244.GH8460@kduck.kaduk.org> User-Agent: Mutt/1.6.1 (2016-04-27) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMIsWRmVeSWpSXmKPExsUixCmqrNs+bVaEwcpeQ4ujm1exODB6LFny kymAMYrLJiU1J7MstUjfLoEro7NtHnPBWo6K7omhDYyf2boYOTkkBEwkjjzYzd7FyMUhJNDG JPHr5z1GkISQwDFGiSlHVSESr5gkVr//yA6SYBFQkej4vpwFxGYDshu6LzOD2CICwhK7t74D s4UFvCW+fTwPVsMrYCyxcFEL1FBjiXsvbzJDxAUlTs58AlbDLKAlcePfS6YuRg4gW1pi+T8O kDAn0HHz770CKxEVUJZomPGAeQIj/ywk3bOQdM9C6F7AyLyKUTYlt0o3NzEzpzg1Wbc4OTEv L7VI10QvN7NELzWldBMjOOwk+XcwzmnwPsQowMGoxMN7IWpWhBBrYllxZe4hRkkOJiVR3koB oBBfUn5KZUZicUZ8UWlOavEhRgkOZiUR3sTJQDnelMTKqtSifJiUNAeLkjivuEZjhJBAemJJ anZqakFqEUxWhoNDSYKXYSpQo2BRanpqRVpmTglCmomDE2Q4D9DwHVNAhhcXJOYWZ6ZD5E8x KkqJ874CSQiAJDJK8+B6QWlBInt/zStGcaBXhHl/glTxAFMKXPcroMFMQIO3XZkGMrgkESEl 1cBo/ejLykXnT5y+sa48hlP1WK2g75GAwDUNsxY9qtvFVN7/+olu3P2ySRMrr8jI/Cr0jJ59 QHrDPNn6HR8v6gtMOM/cEuagdOz9J477RXMCtv23aw/2sVJ27tv7kHvB9YwXzocab7c21Pc1 GOt/dLi3Le/uvRu9YV6apaE3Uy8cdLwrpnnm59XTSizFGYmGWsxFxYkAeSrM0uYCAAA= Archived-At: Subject: Re: [kitten] Call for adoption: draft-mccallum-kitten-krb-service-discovery X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2017 03:54:50 -0000 On Tue, Jan 24, 2017 at 08:12:44PM -0600, Benjamin Kaduk wrote: > Hi all, > > This message begins a two-week call for adoption of > draft-mccallum-kitten-krb-service-discovery (the current version of which is > https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery-03). > > Though to some extent the document is documenting an existing deployment, > there may be value to be gained from having WG approval of a mechanism > perceived as a general improvement to the kerberos protocol. > > Please send messages of support, opposition, and other comments to the > WG list. Thanks to all who replied. There appears to be ample support for adopting this document. Nathaniel (or Matt), please submit a draft-ietf-kitten-krb-service-discovery-00 at your convenience. Substantive reviews of draft-mccallum-kitten-krb-service-discovery-03 are also welcome in the interim, and would count towards our assessment of whether there is working group consensus on the document in order to move it forwards to the IESG. Thanks, Ben From nobody Thu Feb 9 11:43:07 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85FFE129C72 for ; Thu, 9 Feb 2017 11:43:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.288 X-Spam-Level: X-Spam-Status: No, score=-2.288 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1.887, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiOtr5GyjzKE for ; Thu, 9 Feb 2017 11:43:03 -0800 (PST) Received: from mail-io0-f170.google.com (mail-io0-f170.google.com [209.85.223.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DF87129C6F for ; Thu, 9 Feb 2017 11:43:03 -0800 (PST) Received: by mail-io0-f170.google.com with SMTP id j13so28024673iod.3 for ; Thu, 09 Feb 2017 11:43:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gYfTSQnWXgltByP30hOKagyVHEiojOd4W1KnqdjBvhw=; b=TmhlUmedZs1zAPMIljXKV6ypHTZx1w6VxU5QDqQf4Y9fkPVtOv2vcoT4ciI+BTco33 caRNU84EXtzuG/S+G5Bnr6cbMr+VjDlmIyh/ZIrTvUvwsNy6qvxnO4uWqcaLLpW2yY5y irbSyn0fWRSX/MRnzrfKcnZyJ3tnMdtWVey8z40qlSxOXA4YlJzgY8FAu8gItv01cNpc EFY9VVl21LyWcDYgPY/ovcPgPXy0Nv86+y7SjwuZqeQKRfhKWY9XVt5QX6lGG05CyiJD EEOwc3Vc1h0D8pKgpEWXNCYG1LP+9nUG/M6HWZWuuhiCOkqhWd8fiVZwApJ6XbVVFoJ3 3JGQ== X-Gm-Message-State: AIkVDXJBD7h371dOeV5fFcYb98LE02fz3tq6LrgqnHKcwI4POjobmIRxjgb1B5qIVao4MSJ1dzHv9F/ccLyqs9wG X-Received: by 10.36.204.136 with SMTP id x130mr24118030itf.93.1486669382930; Thu, 09 Feb 2017 11:43:02 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.179.196 with HTTP; Thu, 9 Feb 2017 11:43:02 -0800 (PST) In-Reply-To: <20170208035442.GL8460@kduck.kaduk.org> References: <20170125021244.GH8460@kduck.kaduk.org> <20170208035442.GL8460@kduck.kaduk.org> From: Nathaniel McCallum Date: Thu, 9 Feb 2017 14:43:02 -0500 Message-ID: To: Benjamin Kaduk Content-Type: text/plain; charset=UTF-8 Archived-At: Cc: kitten@ietf.org Subject: Re: [kitten] Call for adoption: draft-mccallum-kitten-krb-service-discovery X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2017 19:43:05 -0000 I have submitted the existing draft under the new name. Besides the submission date and name, there were no other changes. On Tue, Feb 7, 2017 at 10:54 PM, Benjamin Kaduk wrote: > On Tue, Jan 24, 2017 at 08:12:44PM -0600, Benjamin Kaduk wrote: >> Hi all, >> >> This message begins a two-week call for adoption of >> draft-mccallum-kitten-krb-service-discovery (the current version of which is >> https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery-03). >> >> Though to some extent the document is documenting an existing deployment, >> there may be value to be gained from having WG approval of a mechanism >> perceived as a general improvement to the kerberos protocol. >> >> Please send messages of support, opposition, and other comments to the >> WG list. > > Thanks to all who replied. There appears to be ample support for adopting > this document. Nathaniel (or Matt), please submit a > draft-ietf-kitten-krb-service-discovery-00 at your convenience. > > Substantive reviews of draft-mccallum-kitten-krb-service-discovery-03 are > also welcome in the interim, and would count towards our assessment of > whether there is working group consensus on the document in order to > move it forwards to the IESG. > > Thanks, > > Ben > > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten From nobody Thu Feb 9 12:06:02 2017 Return-Path: X-Original-To: kitten@ietf.org Delivered-To: kitten@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EF0B8129586; Thu, 9 Feb 2017 12:05:56 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: X-Test-IDTracker: no X-IETF-IDTracker: 6.42.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148667075697.8220.14670871297168513802.idtracker@ietfa.amsl.com> Date: Thu, 09 Feb 2017 12:05:56 -0800 Archived-At: Cc: kitten@ietf.org Subject: [kitten] I-D Action: draft-ietf-kitten-krb-service-discovery-00.txt X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2017 20:05:57 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Common Authentication Technology Next Generation of the IETF. Title : Kerberos Service Discovery using DNS Authors : Nathaniel McCallum Matt Rogers Filename : draft-ietf-kitten-krb-service-discovery-00.txt Pages : 9 Date : 2017-02-09 Abstract: This document proposes defines a new mechanism for discovering Kerberos services using DNS. This new mechanism extends the mechanism already defined in Kerberos V5 [RFC4120] and has four goals. First, reduce the number of DNS queries required to discover a Kerberos KDC. Second, provide DNS administrators more control over client behavior. Third, provide support for discovery of the MS- KKDCP transport. Fourth, define a discovery procedure for Kerberos password services. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-service-discovery/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-kitten-krb-service-discovery-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Feb 9 13:53:04 2017 Return-Path: X-Original-To: kitten@ietf.org Delivered-To: kitten@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 905D41295F5; Thu, 9 Feb 2017 13:53:03 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: X-Test-IDTracker: no X-IETF-IDTracker: 6.42.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148667718358.8186.16849989753497930818.idtracker@ietfa.amsl.com> Date: Thu, 09 Feb 2017 13:53:03 -0800 Archived-At: Cc: kitten@ietf.org Subject: [kitten] I-D Action: draft-ietf-kitten-krb-auth-indicator-07.txt X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2017 21:53:03 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Common Authentication Technology Next Generation of the IETF. Title : Authentication Indicator in Kerberos Tickets Authors : Anupam Jain Nathan Kinder Nathaniel McCallum Filename : draft-ietf-kitten-krb-auth-indicator-07.txt Pages : 6 Date : 2017-02-09 Abstract: This document updates RFC 4120 in order to specify an extension in the Kerberos protocol. It defines a new authorization data type AD- AUTHENTICATION-INDICATOR. The purpose of introducing this data type is to include an indicator of the strength of a client's authentication in service tickets so that application services can use it as an input into policy decisions. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-auth-indicator/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-kitten-krb-auth-indicator-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-kitten-krb-auth-indicator-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Feb 15 18:30:44 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18B41129438 for ; Wed, 15 Feb 2017 18:30:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p__27fosoJ2p for ; Wed, 15 Feb 2017 18:30:41 -0800 (PST) Received: from homiemail-a70.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 215D3129428 for ; Wed, 15 Feb 2017 18:30:41 -0800 (PST) Received: from homiemail-a70.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a70.g.dreamhost.com (Postfix) with ESMTP id 94894A004B16; Wed, 15 Feb 2017 18:30:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=fcVyMrFW2aUCrG OGy5qySK9jGOM=; b=Hh7yoatOaC9n8ctMUm9+I/3feKjRDgB4bxrdnbh+ruw2A2 s2H48U6oRQGL8cortCjyL6iZpq2k7cvJD+R63tvfCHTlgDjDmC68yCMkRNQip9FS O8NuM3McsK8UBUJpuqQie4SFWK8jwhtsZLWe2PeTR0hQMUJhk3w7KV80yr7ko= Received: from localhost (cpe-70-123-158-140.austin.res.rr.com [70.123.158.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a70.g.dreamhost.com (Postfix) with ESMTPSA id 3FA9BA004B13; Wed, 15 Feb 2017 18:30:40 -0800 (PST) Date: Wed, 15 Feb 2017 20:30:37 -0600 From: Nico Williams To: Benjamin Kaduk Message-ID: <20170216023036.GA25305@localhost> References: <148098158374.9626.6869395964350829577.idtracker@ietfa.amsl.com> <20161205234731.GB8460@kduck.kaduk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161205234731.GB8460@kduck.kaduk.org> User-Agent: Mutt/1.5.24 (2015-08-30) Archived-At: Cc: kitten@ietf.org Subject: Re: [kitten] I-D Action: draft-ietf-kitten-rfc5653bis-04.txt X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2017 02:30:42 -0000 On Mon, Dec 05, 2016 at 05:47:31PM -0600, Benjamin Kaduk wrote: > This is just a no-change rebuild to un-expire the document. I've reviewed the whole thing. I have no comments other than that I approve. Let's get it published. Nico -- From nobody Wed Feb 15 19:31:30 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 889F91294B8 for ; Wed, 15 Feb 2017 19:31:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vY1ct6mMp0ES for ; Wed, 15 Feb 2017 19:31:24 -0800 (PST) Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65461129CB0 for ; Wed, 15 Feb 2017 19:31:24 -0800 (PST) X-AuditID: 12074423-aebff70000007225-f7-58a51d0b6aea Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 1C.E8.29221.B0D15A85; Wed, 15 Feb 2017 22:31:23 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id v1G3VMs6007944; Wed, 15 Feb 2017 22:31:23 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v1G3VJxR011007 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 15 Feb 2017 22:31:22 -0500 Date: Wed, 15 Feb 2017 21:31:19 -0600 From: Benjamin Kaduk To: Nico Williams Message-ID: <20170216033118.GO30306@kduck.kaduk.org> References: <148098158374.9626.6869395964350829577.idtracker@ietfa.amsl.com> <20161205234731.GB8460@kduck.kaduk.org> <20170216023036.GA25305@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170216023036.GA25305@localhost> User-Agent: Mutt/1.6.1 (2016-04-27) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixCmqrMstuzTCYNlhaYujm1exWJy6doTN gcnj5alzjB5LlvxkCmCK4rJJSc3JLEst0rdL4Mpo2ruBrWAiS0XPh5uMDYxzmbsYOTkkBEwk Ws8cZwKxhQTamCQObw7tYuQCsjcySpz4cIwJwrnKJDF10zT2LkYODhYBVYkPizhBGtgEVCQa ui+DDRIR0JS4Pm8pG4jNLCAssXzNWTBbWMBV4smd/YwgNi/Qsv/T7jBDzJzNKHH+xQIWiISg xMmZT1ggmrUkbvx7yQSyi1lAWmL5Pw6QMKeAvsTFFUtZQWxRAWWJhhkPmCcwCsxC0j0LSfcs hO4FjMyrGGVTcqt0cxMzc4pTk3WLkxPz8lKLdM30cjNL9FJTSjcxgoKU3UV5B+PLPu9DjAIc jEo8vA4ZSyKEWBPLiitzDzFKcjApifJaSyyNEOJLyk+pzEgszogvKs1JLT7EKMHBrCTC28YM lONNSaysSi3Kh0lJc7AoifOKazRGCAmkJ5akZqemFqQWwWRlODiUJHiNZYAaBYtS01Mr0jJz ShDSTBycIMN5gIYXS4MMLy5IzC3OTIfIn2LU5Tj16cJLJiGWvPy8VClx3gKQIgGQoozSPLg5 oOQikb2/5hWjONBbwryqIOt4gIkJbtIroCVMQEtY4xaCLClJREhJNTDKe3XwnXPUC9ixexPH np9yVfu7O8SzSl8+DVpXajVFIseducVbaom5OP8RbUaB11Xbv6p78jDa/fbOWSJyM+SbSe/G 75elHrs46IkkZ1rEhLPZ1xdH+V3L/DedYfauFEG/1c5bL9rNYdXmSfqm/9lX7lZ3Q9j26Clt f977LSm+fcohW/eAnxJLcUaioRZzUXEiAI468YcJAwAA Archived-At: Cc: kitten@ietf.org Subject: Re: [kitten] I-D Action: draft-ietf-kitten-rfc5653bis-04.txt X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2017 03:31:25 -0000 On Wed, Feb 15, 2017 at 08:30:37PM -0600, Nico Williams wrote: > On Mon, Dec 05, 2016 at 05:47:31PM -0600, Benjamin Kaduk wrote: > > This is just a no-change rebuild to un-expire the document. > > I've reviewed the whole thing. I have no comments other than that I > approve. Let's get it published. Thanks, Nico. With that, I think we can conclude that this document has WG consensus and proceed to move it forward. That should leave some room for us to pick up some new work, which is quite exciting! -Ben From nobody Thu Feb 16 06:49:44 2017 Return-Path: X-Original-To: kitten@ietf.org Delivered-To: kitten@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D6C1A129638; Thu, 16 Feb 2017 06:49:37 -0800 (PST) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: The IESG To: "IETF-Announce" X-Test-IDTracker: no X-IETF-IDTracker: 6.43.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148725657784.15909.1055154487623449110.idtracker@ietfa.amsl.com> Date: Thu, 16 Feb 2017 06:49:37 -0800 Archived-At: Cc: kitten-chairs@ietf.org, kitten@ietf.org, The IESG , draft-ietf-kitten-krb-auth-indicator@ietf.org, rfc-editor@rfc-editor.org Subject: [kitten] Protocol Action: 'Authentication Indicator in Kerberos Tickets' to Proposed Standard (draft-ietf-kitten-krb-auth-indicator-07.txt) X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2017 14:49:38 -0000 The IESG has approved the following document: - 'Authentication Indicator in Kerberos Tickets' (draft-ietf-kitten-krb-auth-indicator-07.txt) as Proposed Standard This document is the product of the Common Authentication Technology Next Generation Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-auth-indicator/ Technical Summary This document specifies a new authorization data element for Kerberos. This element is designed to contain an indication of the nature of the initial authentication, for subsequent use in policy decisions. Working Group Summary This document is short and simple, and had broad support for adoption when it was first introduced, even eliciting comments from WG participants that are usually silent. Document Quality This is a Standards-Track document as befits its intended role as a standard part of Kerberos implementations, and Updates RFC 4120 in accordance with that intention for the new data type to be implemented in tandem with implementations of RFC 4120. Personnel Benjamin Kaduk is the document shepherd. Stephen Farrell is the responsible Area Director. RFC Editor Note The ASN.1 references deliberately do refer to versions of those specs that are old. That is intentional, as those are the version of ASN.1 that we know works and we confirmed that with the authors and wg chairs. So no need to ask the authors if they'd like to update those references to the latest and greatest. From nobody Thu Feb 16 10:23:10 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADBD91294F8; Thu, 16 Feb 2017 10:23:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.203 X-Spam-Level: X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QSR7eqUOZuTM; Thu, 16 Feb 2017 10:23:03 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B710A1293F8; Thu, 16 Feb 2017 10:23:03 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id B176EB814FA; Thu, 16 Feb 2017 10:23:03 -0800 (PST) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org X-PHP-Originating-Script: 1005:ams_util_lib.php From: rfc-editor@rfc-editor.org Message-Id: <20170216182303.B176EB814FA@rfc-editor.org> Date: Thu, 16 Feb 2017 10:23:03 -0800 (PST) Archived-At: Cc: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org Subject: [kitten] RFC 8070 on Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2017 18:23:04 -0000 A new Request for Comments is now available in online RFC libraries. RFC 8070 Title: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension Author: M. Short, Ed., S. Moore, P. Miller Status: Standards Track Stream: IETF Date: February 2017 Mailbox: michikos@microsoft.com, sethmo@microsoft.com, paumil@microsoft.com Pages: 9 Characters: 16348 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-kitten-pkinit-freshness-07.txt URL: https://www.rfc-editor.org/info/rfc8070 DOI: 10.17487/RFC8070 This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key Distribution Center (KDC) can validate to ensure that the client is currently in possession of the private key during a PKINIT Authentication Service (AS) exchange. This document is a product of the Common Authentication Technology Next Generation Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From nobody Tue Feb 28 17:17:16 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA6D11295EB; Tue, 28 Feb 2017 17:17:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwJ5vghPpqHZ; Tue, 28 Feb 2017 17:17:13 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79AD2129463; Tue, 28 Feb 2017 17:16:57 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 7386EB820EC; Tue, 28 Feb 2017 17:16:57 -0800 (PST) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org X-PHP-Originating-Script: 1005:ams_util_lib.php From: rfc-editor@rfc-editor.org Message-Id: <20170301011657.7386EB820EC@rfc-editor.org> Date: Tue, 28 Feb 2017 17:16:57 -0800 (PST) Archived-At: Cc: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org Subject: [kitten] RFC 8062 on Anonymity Support for Kerberos X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 01:17:15 -0000 A new Request for Comments is now available in online RFC libraries. RFC 8062 Title: Anonymity Support for Kerberos Author: L. Zhu, P. Leach, S. Hartman, S. Emery, Ed. Status: Standards Track Stream: IETF Date: February 2017 Mailbox: larry.zhu@microsoft.com, pauljleach@msn.com, hartmans-ietf@mit.edu, shawn.emery@gmail.com Pages: 18 Characters: 42542 Obsoletes: RFC 6112 Updates: RFC 4120, RFC 4121, RFC 4556 I-D Tag: draft-ietf-kitten-rfc6112bis-03.txt URL: https://www.rfc-editor.org/info/rfc8062 DOI: 10.17487/RFC8062 This document defines extensions to the Kerberos protocol to allow a Kerberos client to securely communicate with a Kerberos application service without revealing its identity, or without revealing more than its Kerberos realm. It also defines extensions that allow a Kerberos client to obtain anonymous credentials without revealing its identity to the Kerberos Key Distribution Center (KDC). This document updates RFCs 4120, 4121, and 4556. This document obsoletes RFC 6112 and reclassifies that document as Historic. RFC 6112 contained errors, and the protocol described in that specification is not interoperable with any known implementation. This specification describes a protocol that interoperates with multiple implementations. This document is a product of the Common Authentication Technology Next Generation Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From nobody Tue Feb 28 21:53:03 2017 Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B5C012945E for ; Tue, 28 Feb 2017 21:53:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJMMGxheSfYJ for ; Tue, 28 Feb 2017 21:53:01 -0800 (PST) Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 526DB127058 for ; Tue, 28 Feb 2017 21:53:01 -0800 (PST) X-AuditID: 1209190c-26fff7000000248f-32-58b661ba02ca Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id AD.D5.09359.AB166B85; Wed, 1 Mar 2017 00:52:59 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id v215qwCs019097 for ; Wed, 1 Mar 2017 00:52:58 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v215qtaV006078 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Wed, 1 Mar 2017 00:52:58 -0500 Date: Tue, 28 Feb 2017 23:52:55 -0600 From: Benjamin Kaduk To: kitten@ietf.org Message-ID: <20170301055254.GD30306@kduck.kaduk.org> References: <20170301011657.7386EB820EC@rfc-editor.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170301011657.7386EB820EC@rfc-editor.org> User-Agent: Mutt/1.6.1 (2016-04-27) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMIsWRmVeSWpSXmKPExsUixCmqrLs7cVuEwY7lchZHN69icWD0WLLk J1MAYxSXTUpqTmZZapG+XQJXxoLLN9gKvnNUnNqwkL2BcQVrFyMnh4SAicT152tZuhi5OIQE 2pgkms8fg3KOMUr8fH+fGcJ5xSTxcvUaoBYODhYBVYl/r/lButkEVCQaui8zg9giAsISu7e+ A7OFBRwklnzYBGbzAm3o//WXEcQWEjCX2PNvK1RcUOLkzCcsIDazgJbEjX8vmUDGMwtISyz/ xwFicgpYSKx5JgFSISqgLNEw4wHzBEb+WUiaZyFpnoXQvICReRWjbEpulW5uYmZOcWqybnFy Yl5eapGuoV5uZoleakrpJkZw2Eny7GA888brEKMAB6MSD29G59YIIdbEsuLK3EOMkhxMSqK8 l7i2RQjxJeWnVGYkFmfEF5XmpBYfYpTgYFYS4Q02AMrxpiRWVqUW5cOkpDlYlMR5JTQaI4QE 0hNLUrNTUwtSi2CyMhwcShK81QlAjYJFqempFWmZOSUIaSYOTpDhPEDDI0BqeIsLEnOLM9Mh 8qcYFaXEedWBkS0kAJLIKM2D6wWlBYns/TWvGMWBXhHmrQBp5wGmFLjuV0CDmYAGv1DZCjK4 JBEhJdXAeM4m1EB307Iitk6j/sd+RzK6Jh8XvnFj3jKZ8odbFGtOXn4ht8jm3x1NofMPjOc/ cHkx8dMq3k833af0aNvpyVu3zOBa2NPzPuvfKzcLBeVPp7liDpvWl3DrdpX02eX4n1zyQ2TR rCNicefeVtjsZ8+3CLJ8eGTqtK3iyvf/c8nOfvAkbdnxfiWW4oxEQy3mouJEAGVIbl/mAgAA Archived-At: Subject: Re: [kitten] RFC 8062 on Anonymity Support for Kerberos X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 05:53:02 -0000 On Tue, Feb 28, 2017 at 05:16:57PM -0800, rfc-editor@rfc-editor.org wrote: > A new Request for Comments is now available in online RFC libraries. > > > RFC 8062 > > Title: Anonymity Support for Kerberos > Author: L. Zhu, > P. Leach, > S. Hartman, > S. Emery, Ed. > Status: Standards Track > Stream: IETF > Date: February 2017 > Mailbox: larry.zhu@microsoft.com, > pauljleach@msn.com, > hartmans-ietf@mit.edu, > shawn.emery@gmail.com > Pages: 18 > Characters: 42542 > Obsoletes: RFC 6112 > Updates: RFC 4120, RFC 4121, RFC 4556 > > I-D Tag: draft-ietf-kitten-rfc6112bis-03.txt > > URL: https://www.rfc-editor.org/info/rfc8062 > > DOI: 10.17487/RFC8062 Great work all! We're ready to send rfc5653bis to the RFC Editor as well, and are looking for reviews of draft-ietf-kitten-krb-service-discovery! -Ben