From obchod@aec.cz Tue Jun 2 11:39:42 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D9B223A6C33 for ; Tue, 2 Jun 2009 11:39:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.866 X-Spam-Level: X-Spam-Status: No, score=-12.866 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HDuQhVZz7Dfo for ; Tue, 2 Jun 2009 11:39:34 -0700 (PDT) Received: from aicins.com (unknown [95.78.106.24]) by core3.amsl.com (Postfix) with SMTP id 7B6D128C217 for ; Tue, 2 Jun 2009 11:39:26 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: For next week From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090602183927.7B6D128C217@core3.amsl.com> Date: Tue, 2 Jun 2009 11:39:26 -0700 (PDT)
Tell a friend · Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe · Lost Password · Account Settings · Help · Terms of Service · Privacy

Ottho Heldringstraat 4, 17047 AZ Amsterdam, The Netherlands

From jaruns@acagroup.com Tue Jun 2 18:09:54 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 676EF3A6E79 for ; Tue, 2 Jun 2009 18:09:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.694 X-Spam-Level: X-Spam-Status: No, score=-10.694 tagged_above=-999 required=5 tests=[BAYES_80=2, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TfbckcbMZy0L for ; Tue, 2 Jun 2009 18:09:47 -0700 (PDT) Received: from pool-71-168-87-167.cncdnh.east.myfairpoint.net (pool-71-168-87-167.cncdnh.east.myfairpoint.net [71.168.87.167]) by core3.amsl.com (Postfix) with SMTP id 8F8BC3A659B for ; Tue, 2 Jun 2009 18:09:42 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: Your Buy.com order #875146 From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090603010944.8F8BC3A659B@core3.amsl.com> Date: Tue, 2 Jun 2009 18:09:42 -0700 (PDT)

Hello!

Shipped Privately And Discreetly To Your Door!

  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Ottho Heldringstraat 5, 53892 AZ Amsterdam, The Netherlands

From directlyy44@shabstract.com Wed Jun 3 07:04:39 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E39123A6AC5; Wed, 3 Jun 2009 07:04:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.23 X-Spam-Level: X-Spam-Status: No, score=-8.23 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_FAKE_RCVD_LINE_B=5.777, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BLUEYON=1.4, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, HS_INDEX_PARAM=0.001, HTML_FONT_SIZE_HUGE=0.057, HTML_IMAGE_RATIO_04=0.172, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_ALC=1.405, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WSbkqXBGQ6oz; Wed, 3 Jun 2009 07:04:39 -0700 (PDT) Received: from 82-46-74-208.cable.ubr04.stav.blueyonder.co.uk (82-46-74-208.cable.ubr04.stav.blueyonder.co.uk [82.46.74.208]) by core3.amsl.com (Postfix) with ESMTP id A61013A6943; Wed, 3 Jun 2009 07:04:37 -0700 (PDT) Received: from 82.46.74.208 by mail.shabstract.com; Wed, 3 Jun 2009 15:03:39 +0000 Date: Wed, 3 Jun 2009 15:03:39 +0000 From: kink-archive@lists.ietf.org X-Mailer: The Bat! (v3.62.03) Professional X-Priority: 3 (Normal) Message-ID: <421611052.87161883698406@shabstract.com> To: kink-archive@lists.ietf.org Subject: Improve your digestive system , Try Acai Berry. 
MIME-Version: 1.0 Content-Type: text/html; charset=Windows-1252 Content-Transfer-Encoding: 7bit
If you have trouble viewing this e-mail, please click here.

Everyone
Will Want
Your New Secret

ACAI POWER SLIM

Discover the secret today!
We are waiting

To review our Privacy Policy, please click here.

To ensure the delivery of your informative updates from Dr. Lark and the Daily Balance
Team, please add kink-archive@lists.ietf.org to your email address book.

************TO UNSUBSCRIBE************
You are receiving this e-mail at kink-archive@lists.ietf.org because you
indicated an interest in receiving special updates and offers from Dr. Lark.
We hope that you find these updates helpful, but if you would rather not
receive them, you can unsubscribe by clicking here. You will be
immediately unsubscribed from our database. Remember, your personal information
will only be used by Healthy Directions, LLC, for editorial and marketing purposes.
Thank you.

Daily Balance
930 Indian Springs Drive
Lancaster, PA 09858

From edselwn30@riptidelures.com Wed Jun 3 11:48:13 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0D6583A7068; Wed, 3 Jun 2009 11:48:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -22.51 X-Spam-Level: X-Spam-Status: No, score=-22.51 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DIET_1=0.083, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, FS_START_LOSE=1.493, GB_OPRAH=2, HELO_DYNAMIC_IPADDR=2.426, HS_INDEX_PARAM=0.001, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, STOX_REPLY_TYPE=0.001, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XG5Xbl-8FcYb; Wed, 3 Jun 2009 11:48:12 -0700 (PDT) Received: from c-75-65-242-89.hsd1.ms.comcast.net (c-75-65-242-89.hsd1.ms.comcast.net [75.65.242.89]) by core3.amsl.com (Postfix) with ESMTP id 893CF3A7063; Wed, 3 Jun 2009 11:48:10 -0700 (PDT) Date: Wed, 3 Jun 2009 13:48:10 -0600 From: kink-archive@lists.ietf.org Subject: Lose unwanted wieght , Try Acai Berry. To: Message-ID: <000d01c9e47b$d7835ab0$6400a8c0@edselwn30> MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Outlook Express 6.00.2900.2180 Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original Content-transfer-encoding: 7bit X-Priority: 3 X-MSMail-priority: Normal LoseWeight Natural SuperFood endorsed by Oprah Winfrey, FREE TRIAL 1 bottle, only pay $5.95 for shipping Get the worlds # 1 food Acai Berry in your diet. 
-------------------------------------- Acai Power Slim -- The newest and most exciting fat loss product available - As seen on Oprah! Real testimonials: "I was originally amazed that the first two pills I took of Acai Power Slim, almost immediately took my cravings away. Now 4 weeks later, 3 belt holes later, I have become an advocate for this awesomely powerful, natural supplement!" "I tried Acai Power Slim after visiting your website, and I lost a few pounds without doing anything else. I was so amazed I decided to start exercising and getting outside more and I even starting eating better. Now I don't even look like the same man. Friends I haven't seen for more than a year don't even recognize me. The change is that dramatic! Thank you …. Acai Power Slim really works!" Read more testimonals here! Thad Huff -------------------------------------- We are waiting http://www.chezahu.net/?bjuvvlybrvm From enticingz@piazzadellavoro.it Wed Jun 3 11:53:08 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBFE33A69E5; Wed, 3 Jun 2009 11:53:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.443 X-Spam-Level: X-Spam-Status: No, score=-7.443 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DIET_1=0.083, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, GB_OPRAH=2, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HELO_EQ_TELESP=1.245, HOST_EQ_BR=1.295, HS_INDEX_PARAM=0.001, JOIN_MILLIONS=1.777, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_MILLIONSOF=0.315, SARE_RECV_SPAM_DOMN02=1.666, STOX_REPLY_TYPE=0.001, 
TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j9cgfC7FwKTo; Wed, 3 Jun 2009 11:53:08 -0700 (PDT) Received: from 201-26-205-242.dsl.telesp.net.br (201-26-205-242.dsl.telesp.net.br [201.26.205.242]) by core3.amsl.com (Postfix) with ESMTP id AEE1228C1A5; Wed, 3 Jun 2009 11:53:07 -0700 (PDT) Date: Wed, 3 Jun 2009 15:52:58 -0300 From: eap-archive@lists.ietf.org Subject: Join millions of Acai Berry users but do it for Free To: Message-ID: <000d01c9e47c$82e6a100$6400a8c0@enticingz> MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Outlook Express 6.00.2900.2180 Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original Content-transfer-encoding: 7bit X-Priority: 3 X-MSMail-priority: Normal Its so easy to look great Try Acai Berry. Get your Free trial today! -------------------------------------- Acai Power Slim -- The newest and most exciting fat loss product available - As seen on Oprah! Real testimonials: "I was originally amazed that the first two pills I took of Acai Power Slim, almost immediately took my cravings away. Now 4 weeks later, 3 belt holes later, I have become an advocate for this awesomely powerful, natural supplement!" "I tried Acai Power Slim after visiting your website, and I lost a few pounds without doing anything else. I was so amazed I decided to start exercising and getting outside more and I even starting eating better. Now I don't even look like the same man. Friends I haven't seen for more than a year don't even recognize me. The change is that dramatic! Thank you …. Acai Power Slim really works!" Read more testimonals here! Kathleen Castro -------------------------------------- We welcome everybody. 
http://www.chezahu.net/?bjuvvlybrvm From kukcxoeytykih@ais-uk.org Wed Jun 3 14:27:53 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 13C9E28C14C for ; Wed, 3 Jun 2009 14:27:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.625 X-Spam-Level: X-Spam-Status: No, score=-15.625 tagged_above=-999 required=5 tests=[BAYES_80=2, FH_RELAY_NODNS=1.451, HELO_EQ_AU=0.377, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oEUs+EyNXyAG for ; Wed, 3 Jun 2009 14:27:38 -0700 (PDT) Received: from afic.com.au (unknown [186.83.119.249]) by core3.amsl.com (Postfix) with SMTP id 199203A6FAB for ; Wed, 3 Jun 2009 14:27:36 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: Your Buy.com order #904397 From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090603212737.199203A6FAB@core3.amsl.com> Date: Wed, 3 Jun 2009 14:27:36 -0700 (PDT)

Hello!

Shipped Privately And Discreetly To Your Door!

  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Ottho Heldringstraat 1, 39816 AZ Amsterdam, The Netherlands

From mzaraket@al-akhbar.com Thu Jun 4 04:09:45 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6E8F23A67FB for ; Thu, 4 Jun 2009 04:09:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.793 X-Spam-Level: X-Spam-Status: No, score=-4.793 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_DHCP=1.398, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_CPE=0.5, HOST_EQ_CPE=0.979, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N-zXaG61p6gm for ; Thu, 4 Jun 2009 04:09:39 -0700 (PDT) Received: from cpe-173-88-15-92.columbus.res.rr.com (cpe-173-88-15-92.columbus.res.rr.com [173.88.15.92]) by core3.amsl.com (Postfix) with SMTP id 365B428C2BF for ; Thu, 4 Jun 2009 04:09:22 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: Your registration #342959 From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090604110923.365B428C2BF@core3.amsl.com> Date: Thu, 4 Jun 2009 04:09:22 -0700 (PDT)

Hello!

Shipped Privately And Discreetly To Your Door!

  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Ottho Heldringstraat 1, 40499 AZ Amsterdam, The Netherlands

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 4 14:05:16 2009
Return-Path:
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45A243A67AC for ; Thu, 4 Jun 2009 14:05:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.861
X-Spam-Level:
X-Spam-Status: No, score=-1.861 tagged_above=-999 required=5 tests=[AWL=0.738, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3IPwTphIHCGb for ; Thu, 4 Jun 2009 14:05:15 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 5AB273A6774 for ; Thu, 4 Jun 2009 14:05:15 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id CF8CA13A; Thu, 4 Jun 2009 16:05:17 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 92D47143; Thu, 4 Jun 2009 16:05:13 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5039F80E05; Thu, 4 Jun 2009 16:05:13 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id C4C9C80E02 for ; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id BEC8B140; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id BA37F13A for ; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id A7812140 for ; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 905E77CC05A; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11564-02; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 6BABD7CC06C for ; Thu, 4 Jun 2009 16:05:11 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgwFANvTJ0oSbxK8/2dsb2JhbACBT71mh0CIUYQLBQ
X-IronPort-AV: E=Sophos;i="4.41,307,1241413200"; d="scan'208";a="27714306"
Received: from dhcp-18-111-18-188.dyn.mit.edu (HELO carter-zimmerman.suchdamage.org) ([18.111.18.188]) by mailgateway.anl.gov with ESMTP; 04 Jun 2009 16:05:10 -0500
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 8F8584159; Thu, 4 Jun 2009 17:05:09 -0400 (EDT)
To: ietf-krb-wg@anl.gov
From: Sam Hartman
Date: Thu, 04 Jun 2009 17:05:09 -0400
Message-ID:
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Requesting last call of draft-ietf-krb-wg-preauth-framework-12
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

I submitted a draft 12 with two changes:

* Checksum the inner rather than outer request per mailing list discussion
* Add security considerations text.

I believe this version is ready for a working group last call. I ask Jeff Hutzelman to start that process. To the best of my knowledge we've addressed all outstanding comments.

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 4 14:15:06 2009
Return-Path:
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 57D073A6D80 for ; Thu, 4 Jun 2009 14:15:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.306
X-Spam-Level:
X-Spam-Status: No, score=-102.306 tagged_above=-999 required=5 tests=[AWL=0.293, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D1SylwgKsb-M for ; Thu, 4 Jun 2009 14:15:05 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 1A8C23A6D59 for ; Thu, 4 Jun 2009 14:15:05 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id B2ED214D; Thu, 4 Jun 2009 16:15:07 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 85A6255; Thu, 4 Jun 2009 16:15:07 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 6644C80E05; Thu, 4 Jun 2009 16:15:07 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id BBA1580E02 for ; Thu, 4 Jun 2009 16:15:05 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 99DE17CC06B; Thu, 4 Jun 2009 16:15:05 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13442-03; Thu, 4 Jun 2009 16:15:05 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 763837CC066 for ; Thu, 4 Jun 2009 16:15:05 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsACADPWJ0pAqmIgjmdsb2JhbACONAGITCl2AQEBAQkLCAkPB7Zsgj2BTgU
X-IronPort-AV: E=Sophos;i="4.41,307,1241413200"; d="txt'208?scan'208,208";a="27714709"
Received: from mail.ietf.org ([64.170.98.32]) by mailgateway.anl.gov with ESMTP; 04 Jun 2009 16:15:04 -0500
Received: by core3.amsl.com (Postfix, from userid 0) id CE15D3A6AC1; Thu, 4 Jun 2009 14:15:01 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090604211501.CE15D3A6AC1@core3.amsl.com>
Date: Thu, 4 Jun 2009 14:15:01 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action:draft-ietf-krb-wg-preauth-framework-12.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kerberos Working Group of the IETF.

Title     : A Generalized Framework for Kerberos Pre-Authentication
Author(s) : S. Hartman, L. Zhu
Filename  : draft-ietf-krb-wg-preauth-framework-12.txt
Pages     : 49
Date      : 2009-06-04

Kerberos is a protocol for verifying the identity of principals (e.g., a workstation user or a network server) on an open network.
The Kerberos protocol provides a mechanism called pre-authentication for proving the identity of a principal and for better protecting the long-term secrets of the principal.

This document describes a model for Kerberos pre-authentication mechanisms. The model describes what state in the Kerberos request a pre-authentication mechanism is likely to change. It also describes how multiple pre-authentication mechanisms used in the same request will interact.

This document also provides common tools needed by multiple pre-authentication mechanisms. One of these tools is a secure channel between the client and the KDC with a reply key delivery mechanism; this secure channel can be used to protect the authentication exchange thus eliminate offline dictionary attacks. With these tools, it is relatively straightforward to chain multiple authentication mechanisms, utilize a different key management system, or support a new key agreement algorithm.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-12.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
--NextPart Content-Type: Message/External-body; name="draft-ietf-krb-wg-preauth-framework-12.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2009-06-04140258.I-D@ietf.org> --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg --NextPart-- From quatrainsqvew9@tamuseum.com Thu Jun 4 15:27:08 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABF4F3A69A7; Thu, 4 Jun 2009 15:27:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -22.955 X-Spam-Level: X-Spam-Status: No, score=-22.955 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR2=4.395, HS_INDEX_PARAM=0.001, HTML_FONT_SIZE_HUGE=0.057, HTML_IMAGE_RATIO_04=0.172, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gy38nJsT3P3; Thu, 4 Jun 2009 15:27:07 -0700 (PDT) Received: from 190-14-242-92.ip.mediacommerce.com.co (190-14-242-92.ip.mediacommerce.com.co [190.14.242.92]) by core3.amsl.com (Postfix) with ESMTP id 7FE523A6991; Thu, 4 Jun 2009 15:27:06 -0700 (PDT) Message-ID: <000d01c9e563$971f6570$6400a8c0@quatrainsqvew9> From: 
kink-archive@lists.ietf.org To: Subject: loose weight Amazing antioxidant power of Acai Berry. Date: Thu, 4 Jun 2009 17:27:05 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C9E563.971F6570" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C9E563.971F6570 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 If you have trouble viewing this e-mail, please click here. =20 =20 =20 =20 =20 Everyone Will Want=20 Your New Secret =20 ACAI BERRY Discover the secret today! Click right here =20 =20 =20 =20 =20 To review our Privacy Policy, please click here. To ensure the delivery of your informative updates = from Dr. Lark and the Daily Balance Team, please add kink-archive@lists.ietf.org = =20 to your email address book. =20 ************TO UNSUBSCRIBE************ You are receiving this e-mail at kink-archive@lists.ietf.org becaus= e you=20 indicated an interest in receiving special updates and offers from Dr. Lark. We hope that you find these updates helpful, but if you would rather not receive them, you can unsubscribe by clicking here. You will be immediately unsubscribed from our database. Remember, your personal= information=20 will only be used by Healthy Directions, LLC, for editorial and mar= keting purposes.=20 Thank you.=20 Daily Balance 101 Nola Cornett 81010 ------=_NextPart_000_0007_01C9E563.971F6570 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0007_01C9E563.971F6570-- From lawrenced@allencanning.com Fri Jun 5 21:06:55 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D25733A688D for ; Fri, 5 Jun 2009 21:06:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.047 X-Spam-Level: X-Spam-Status: No, score=-3.047 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DRUGS_PAIN=0.01, FH_HELO_ALMOST_IP=5.417, FH_HOST_ALMOST_IP=1.889, HELO_DYNAMIC_DHCP=1.398, HELO_EQ_DSL=1.129, HTML_MESSAGE=0.001, J_CHICKENPOX_64=0.6, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_OBFU_HYDROCODONE=1.666, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S7Gbu0NWMGqT for ; Fri, 5 Jun 2009 21:06:48 -0700 (PDT) Received: from adsl-19-218-73.bna.bellsouth.net (adsl-19-218-73.bna.bellsouth.net [68.19.218.73]) by core3.amsl.com (Postfix) with SMTP id 874F53A6850 for ; Fri, 5 Jun 2009 21:06:42 -0700 (PDT) To: " Date: Fri, 5 Jun 2009 21:06:42 -0700 (PDT)
Tell a friend · Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe · Lost Password · Account Settings · Help · Terms of Service · Privacy

Ottho Heldringstraat 4, 23606 AZ Amsterdam, The Netherlands

From jose@abase.com Mon Jun 8 07:35:02 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5CCB03A6857 for ; Mon, 8 Jun 2009 07:35:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -28.351 X-Spam-Level: X-Spam-Status: No, score=-28.351 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HoivwI60kwyy for ; Mon, 8 Jun 2009 07:34:56 -0700 (PDT) Received: from 2156.net (unknown [88.227.40.20]) by core3.amsl.com (Postfix) with SMTP id 1F47F3A682B for ; Mon, 8 Jun 2009 07:34:54 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: Pre-register info #725980 From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090608143455.1F47F3A682B@core3.amsl.com> Date: Mon, 8 Jun 2009 07:34:54 -0700 (PDT)
Tell a friend | Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe | Lost Password | Account Settings | Help | Terms of Service | Privacy

Ottho Heldringstraat 8, 15146 AZ Amsterdam, The Netherlands

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 8 23:48:37 2009
Date: Tue, 9 Jun 2009 01:38:36 -0500
From: Nicolas Williams
To: ietf-krb-wg@anl.gov
Message-ID: <20090609063836.GD1049@Sun.COM>
Subject: [Ietf-krb-wg] FAST comment

 - KRB-FX-CF2() takes two keys and produces a third, but it's not clear
   what the enctype of the result should be.

   Either derive the enctype of the resulting key from the enctypes of
   the input keys or else make the result enctype an input argument. In
   the latter case, clarify what that input should be in all cases where
   KRB-FX-CF2() is used.

So far that's my most significant comment. I've got some nits to make.

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 9 08:45:19 2009
To: Nicolas Williams
References: <20090609063836.GD1049@Sun.COM>
From: Sam Hartman
Date: Tue, 09 Jun 2009 11:45:08 -0400
In-Reply-To: <20090609063836.GD1049@Sun.COM>
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] FAST comment

>>>>> "Nicolas" == Nicolas Williams writes:

    Nicolas> - KRB-FX-CF2() takes two keys and produces a third, but
    Nicolas> it's not clear what the enctype of the result should be.

Quoting the text:

Quoting the top of page 18:

   Here the counter value 1, 2, 3 and so on are encoded as a one-octet
   integer. The pseudo-random() operation is specified by the enctype
   of the protocol key. PRF+() uses the counter to generate enough bits
   as needed by the random-to-key() [RFC3961] function for the
   encryption type specified for the resulting key; unneeded bits are
   removed from the tail. Unless otherwise specified, the resulting
   enctype of KRB-FX-CF2 is the enctype of k1.

I believe that's well defined. Conceptually the resulting enctype is an
input, but it has a default value which is always used in this spec.

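Added example, not part of the thread or of the FAST draft: a sketch of PRF+() and KRB-FX-CF2() that makes the result enctype an explicit argument defaulting to k1's enctype, as the quoted text describes. The XOR of the two PRF+() outputs follows the FAST specification (later published as RFC 6113) and is not quoted in the messages above; the toy enctypes, key bytes, peppers, the HMAC-SHA256 stand-in for pseudo-random() and the identity random-to-key() are assumptions made so the example runs with the standard library only.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Enctype:
    """Constructed toy enctype; only its two sizes matter here."""
    name: str
    seed_len: int  # octets that random-to-key() consumes for this enctype
    prf_len: int   # octets returned by one pseudo-random() call

    def pseudo_random(self, key: bytes, data: bytes) -> bytes:
        # Assumption: truncated HMAC-SHA256 stands in for the enctype's
        # RFC 3961 pseudo-random() operation.
        return hmac.new(key, data, "sha256").digest()[: self.prf_len]

    def random_to_key(self, seed: bytes) -> bytes:
        # Assumption: identity mapping, but strict about the seed length so a
        # wrong-size PRF+() output is caught instead of silently accepted.
        if len(seed) != self.seed_len:
            raise ValueError(f"{self.name} needs {self.seed_len} seed octets")
        return seed


@dataclass(frozen=True)
class Key:
    enctype: Enctype
    value: bytes


def prf_plus(key: Key, pepper: bytes, n_octets: int) -> bytes:
    """Concatenate pseudo-random(key, counter || pepper) for counter = 1, 2, 3...

    The counter is a one-octet integer; the PRF is the one belonging to the
    enctype of `key`; surplus octets are dropped from the tail.
    """
    out = b""
    counter = 1
    while len(out) < n_octets:
        if counter > 255:
            raise ValueError("one-octet counter exhausted")
        out += key.enctype.pseudo_random(key.value, bytes([counter]) + pepper)
        counter += 1
    return out[:n_octets]


def krb_fx_cf2(k1: Key, k2: Key, pepper1: bytes, pepper2: bytes,
               result_enctype: Optional[Enctype] = None) -> Key:
    """Combine two keys; the result enctype is an input that defaults to k1's."""
    et = result_enctype if result_enctype is not None else k1.enctype
    # Both PRF+() streams are sized by the *result* enctype, even though each
    # stream is produced with the PRF of its own input key's enctype.
    s1 = prf_plus(k1, pepper1, et.seed_len)
    s2 = prf_plus(k2, pepper2, et.seed_len)
    seed = bytes(a ^ b for a, b in zip(s1, s2))
    return Key(et, et.random_to_key(seed))


# Constructed sample data (not real Kerberos enctypes, keys or peppers).
TOY_A = Enctype("toy-a", seed_len=16, prf_len=16)
TOY_B = Enctype("toy-b", seed_len=32, prf_len=16)
TOY_C = Enctype("toy-c", seed_len=21, prf_len=8)   # forces tail truncation
K1 = Key(TOY_A, bytes(range(16)))
K2 = Key(TOY_B, bytes(range(32, 64)))
P1, P2 = b"pepper-one", b"pepper-two"

if __name__ == "__main__":
    for label, key in (("default (k1)", krb_fx_cf2(K1, K2, P1, P2)),
                       ("swapped inputs", krb_fx_cf2(K2, K1, P2, P1)),
                       ("explicit toy-c", krb_fx_cf2(K1, K2, P1, P2, TOY_C))):
        print(f"{label:15s} -> {key.enctype.name}, {len(key.value)} octets")
```

Swapping k1 and k2 changes the enctype and length of the derived key, which is why both peers have to agree on argument order wherever KRB-FX-CF2() is used.
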
From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 01:05:59 2009
From: Larry Zhu
To: Srinivas Cheruku, 'Sam Hartman'
Date: Wed, 10 Jun 2009 08:05:54 +0000
References: <4a1cfe0a.11435e0a.7ea1.0b76@mx.google.com>
In-Reply-To: <4a1cfe0a.11435e0a.7ea1.0b76@mx.google.com>
Cc: "ietf-krb-wg@anl.gov"
Subject: Re: [Ietf-krb-wg] Benefits of using FAST in TGS

Additionally it gives us the ability to hide the client name in the TGS reply. It is a big deal to have the ability to sign Kerberos errors.

From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Srinivas Cheruku
Sent: Wednesday, May 27, 2009 1:47 AM
To: 'Sam Hartman'
Cc: ietf-krb-wg@anl.gov
Subject: [Ietf-krb-wg] Benefits of using FAST in TGS

Sam,

What are the big benefits of using FAST in TGS?

1. In case of any error, KRB-ERROR data would be protected

2. The request body is protected using FAST.

3. The pre-auth data PA-TGS-REQ is outside fast. So, non-encrypted fields in AP-REQ are still vulnerable. Is there any big risk? Is this padata outside FAST for any interoperability reason with non FAST KDCs?

4. Is there any other pre-auth data PA-TGS-REQ, that can be used in TGS-REQ and this can be protected by FAST?

Thanks,
Srini

--_000_D3DC9D45B39CFC4CB312B2DD279B354C04B28FTK5EX14MBXW651win_-- --===============1931935891554304981== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg --===============1931935891554304981==-- From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 02:02:19 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 47DE13A6DD8 for ; Wed, 10 Jun 2009 02:02:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jpYLMLvBbNNX for ; Wed, 10 Jun 2009 02:02:18 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 62BF83A693E for ; Wed, 10 Jun 2009 02:02:18 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id C65FC141; Wed, 10 Jun 2009 04:02:24 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 6A2C218D; Wed, 10 Jun 2009 04:02:24 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 3CA7A80E02; Wed, 10 Jun 2009 04:02:24 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 04E9280E01 for ; 
Wed, 10 Jun 2009 04:02:23 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 005E2141; Wed, 10 Jun 2009 04:02:23 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id EFB87150 for ; Wed, 10 Jun 2009 04:02:22 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id EB235141 for ; Wed, 10 Jun 2009 04:02:22 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id D4DC57CC0C2; Wed, 10 Jun 2009 04:02:22 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02565-03; Wed, 10 Jun 2009 04:02:22 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id B1E817CC093 for ; Wed, 10 Jun 2009 04:02:22 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AiIAAO4SL0qDa3PWkWdsb2JhbACYMQEBAQEJCwoHEgacUpgYhAwF X-IronPort-AV: E=Sophos;i="4.41,339,1241413200"; d="scan'208";a="27866919" Received: from mailc.microsoft.com (HELO smtp.microsoft.com) ([131.107.115.214]) by mailgateway.anl.gov with ESMTP; 10 Jun 2009 04:02:22 -0500 Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (157.54.79.178) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.99.4; Wed, 10 Jun 2009 02:02:21 -0700 Received: from TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com (157.54.71.39) by TK5EX14MLTC101.redmond.corp.microsoft.com (157.54.79.178) with Microsoft SMTP Server id 14.0.582.9; Wed, 10 Jun 2009 02:02:10 -0700 Received: from TK5EX14MBXW651.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.90]) by TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.39]) with mapi; Wed, 10 Jun 2009 02:00:43 -0700 From: Larry Zhu To: 
"ietf-krb-wg@anl.gov" Thread-Topic: Interop issues related to TGS subkeys Thread-Index: Acnpqe8QtxgM7aLjTEudE2Eb/Gd1jQ== Date: Wed, 10 Jun 2009 09:00:42 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Subject: [Ietf-krb-wg] Interop issues related to TGS subkeys X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Jeff wrote: > True, but that list derives from the list of key usages in RFC4120 7.5.1, >which uses the same language, implying that it was intended that the TGS >session key always be used in this case. Similarly, the entry for key >usage 10 implies the same intent for other AP-REQs. However, that section >is a list of key usage values, and was not intended to specify which data > should be encrypted or checksummed with which keys, so the implication is > rather weak. I think we should clarify this more explicitly. Agreed. The intend is implied from RFC4120 but it could be made more explicit. >Do we know of any existing clients which support RC4 and use subkeys in > tgs-reqs? Particularly, do any Windows clients do this? No existing deployed windows clients would do populate the subkey in the TGS. ghudson wrote: > 3. tgs-req subkeys + enc-authorization-data = key ambiguity It is great to hear that this is now fixed in 1.7. >1. tgs-req subkeys + RC4 keys = key usage issue ws2k8 and later releses are doing the right thing on the KDC side, but the client side still uses T=8 to decrypt the KDC reply even if the subkey is populated. So it is hard to make a call in this case. 
So for backward compatibility with the existing deployment, it would be wise not to use the subkey unless you are using FAST.

> 2. tgs-req subkeys + keyed checksum types = checksum key ambiguity

The observed behavior is expected and the incorrect behavior was fixed in the later releases. The intention of RFC4120 is noted by Jeff in the beginning of this message. So for backward compatibility with the existing deployment, it would be wise not to use the subkey unless you are using FAST.

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 06:26:43 2009
From: Sam Hartman
To: ietf-krb-wg@anl.gov
Date: Wed, 10 Jun 2009 09:26:30 -0400
Subject: [Ietf-krb-wg] FAST and unknown armor

I noticed that FAST does not say what error to return if you received a FAST request with unknown armor type. I propose that we return KDC_ERR_PREAUTH_FAILED in that case. Another valid option would be to ignore the fast padata entirely. I prefer to return an error.

This message should not be taken as a withdrawal of my request to send FAST to WGLC. This issue is clearly small enough to handle during an LC.

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 07:11:03 2009
From: Love Hörnquist Åstrand
To: Kerberos-wg -
Date: Wed, 10 Jun 2009 07:10:46 -0700
Subject: [Ietf-krb-wg] framework-12 comments

-12 contains the following comment

   o  Whether the contents of the KDC reply can be verified by the client principal

I find "client principal" to be unclear. How can "lha@H5L.ORG" or lha verify the reply?

Maybe the client implementation can verify the reply using external configuration, is that "client principal" ?

Love

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 09:36:21 2009
From: Nicolas Williams
To: Srinivas Cheruku
Cc: ietf-krb-wg@anl.gov, 'Sam Hartman'
Date: Wed, 10 Jun 2009 11:26:12 -0500
Message-ID: <20090610162612.GQ1049@Sun.COM>
In-Reply-To: <4a1cfe0a.11435e0a.7ea1.0b76@mx.google.com>
Subject: Re: [Ietf-krb-wg] Benefits of using FAST in TGS

On Wed, May 27, 2009 at 02:16:39PM +0530, Srinivas Cheruku wrote:
> What are the big benefits of using FAST in TGS?
>
> 1. In case of any error, KRB-ERROR data would be protected

This is crucial.

> 2. The request body is protected using FAST.
>
> 3. The pre-auth data PA-TGS-REQ is outside fast. So, non-encrypted
> fields in AP-REQ are still vulnerable. Is there any big risk? Is this padata
> outside FAST for any interoperability reason with non FAST KDCs?

AP-REQ has very little cleartext, but, in any case, KrbFastArmoredReq's req-checksum covers the PA-TGS-REQ.

> 4. Is there any other pre-auth data PA-TGS-REQ, that can be used in
> TGS-REQ and this can be protected by FAST?

Good point. Today the answer is no. And with FAST the answer is that any additional PA needed in some future TGS extension ought to go inside FAST anyways.

Nico
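The key-usage mismatch raised in the "Interop issues related to TGS subkeys" message above, as an added example that is not part of any list message or of any implementation discussed on the list: the non-export RC4-HMAC construction of RFC 4757 mixes the key usage number T into the key derivation, so a TGS-REP encrypted part sealed under the subkey with T=9 fails its integrity check when opened with T=8. The keys, the plaintext and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# RFC 4120 section 7.5.1 key usage numbers for the TGS-REP encrypted part.
KU_TGS_REP_SESSION_KEY = 8   # encrypted with the TGS session key
KU_TGS_REP_SUBKEY = 9        # encrypted with the TGS authenticator subkey

# Constructed 16-byte test keys and plaintext (not real Kerberos data).
SESSION_KEY = bytes(range(16))
SUBKEY = bytes(range(16, 32))
SAMPLE_ENC_PART = b"constructed EncTGSRepPart stand-in"


class IntegrityError(Exception):
    """The RC4-HMAC checksum did not verify (wrong key or wrong usage)."""


def rc4(key, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def hmac_md5(key, msg):
    return hmac.new(key, msg, hashlib.md5).digest()


def usage_key(key, usage):
    """K1 = HMAC-MD5(K, T), with T as a 4-byte little-endian integer."""
    return hmac_md5(key, struct.pack("<I", usage))


def rc4_hmac_encrypt(key, usage, plaintext, confounder=None):
    """Return checksum(16) || RC4(K3, confounder(8) || plaintext)."""
    k1 = usage_key(key, usage)
    if confounder is None:
        confounder = os.urandom(8)
    body = confounder + plaintext
    checksum = hmac_md5(k1, body)      # K2 equals K1 in the non-export case
    k3 = hmac_md5(k1, checksum)
    return checksum + rc4(k3, body)


def rc4_hmac_decrypt(key, usage, blob):
    """Decrypt and verify; raise IntegrityError on any key/usage mismatch."""
    if len(blob) < 24:
        raise IntegrityError("ciphertext shorter than checksum + confounder")
    k1 = usage_key(key, usage)
    checksum, ciphertext = blob[:16], blob[16:]
    body = rc4(hmac_md5(k1, checksum), ciphertext)
    if not hmac.compare_digest(hmac_md5(k1, body), checksum):
        raise IntegrityError("checksum mismatch for key usage %d" % usage)
    return body[8:]


def matching_key_usages(blob, keys, usages=(8, 9)):
    """Interop diagnostic: which (key name, usage) pairs open this blob?"""
    hits = []
    for name, key in keys.items():
        for usage in usages:
            try:
                rc4_hmac_decrypt(key, usage, blob)
            except IntegrityError:
                continue
            hits.append((name, usage))
    return hits


if __name__ == "__main__":
    keys = {"session": SESSION_KEY, "subkey": SUBKEY}
    # A reply sealed under the subkey with T=9 ...
    reply = rc4_hmac_encrypt(SUBKEY, KU_TGS_REP_SUBKEY, SAMPLE_ENC_PART)
    print(matching_key_usages(reply, keys))
    # ... is rejected by a receiver that uses the subkey with T=8.
    try:
        rc4_hmac_decrypt(SUBKEY, KU_TGS_REP_SESSION_KEY, reply)
    except IntegrityError as exc:
        print("rejected:", exc)
```

Running `matching_key_usages` over a captured encrypted part with the known session key and subkey shows which side of the exchange chose which key and usage.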

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 11:49:54 2009
From: Zhanna Tsitkova
To: ietf-krb-wg@lists.anl.gov
Date: Wed, 10 Jun 2009 14:49:51 -0400
Message-Id: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>
Subject: [Ietf-krb-wg] move to SHA-2

Hello!

I am writing to propose the upgrading of the Kerberos cryptosystem with the additional hash functions from SHA-2 family to ensure the compliance with NIST's Policy on hash functions http://csrc.nist.gov/groups/ST/hash/policy.html :

"Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols."

This work would introduce new aes128 and aes256 based encryption and checksum types to the existing Kerberos protocol.

Regards,
Zhanna Tsitkova

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 13:30:36 2009
From: Sam Hartman
To: Love Hörnquist Åstrand
Cc: Kerberos-wg -
Date: Wed, 10 Jun 2009 16:30:24 -0400
Subject: Re: [Ietf-krb-wg] framework-12 comments

>>>>> "Love" == Love Hörnquist Åstrand writes:

    Love> -12 contains the following comment o Whether the contents of
    Love> the KDC reply can be verified by the client principal

    Love> I find "client principal" to be unclear. How can
    Love> "lha@H5L.ORG" or lha verify the reply.

    Love> Maybe the client implementation can verify the reply using
    Love> external configuration, is that "client principal" ?

The intent here is to discuss whether the entity named by the client kerberos principal can verify the reply.

The client host often cannot verify the reply because the client host does not know whether the KDC is being spoofed without an ap-req exchange. However the client principal--you for example--know that you are not spoofing the KDC. That plus the party on the other end knowing the right long-term key is sufficient for you to verify the KDC reply.

Often we use client principal as a shorthand for the name of the client principal. I'm not using it that way.

I'd be happy if you'd like to suggest more clear text. Would "entity named by the client principal" be more clear?

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 13:35:00 2009
From: Love Hörnquist Åstrand
To: Sam Hartman
Cc: Kerberos-wg -
Date: Wed, 10 Jun 2009 13:34:56 -0700
Message-id: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se>
Subject: Re: [Ietf-krb-wg] framework-12 comments

On 10 Jun 2009, at 13:30, Sam Hartman wrote:

> Love> Maybe the client implementation can verify the reply using
> Love> external configuration, is that "client principal" ?
>
> The intent here is to discuss whether the entity named by the client
> kerberos principal can verify the reply.
>
> The client host often cannot verify the reply because the client host
> does not know whether the KDC is being spoofed without an ap-req
> exchange.

The client can verify the reply if the KDC has a fast preauth type using public key crypto and configuration on client. Talking about the "client principal" makes no sense in this case.

The flag is if the reply is verified, so remove everything about client principal and just say "reply verified" ?

Love
   Love> Maybe = the client implementation can verify the reply = using
   Love> external configuration, is that = "client principal" ?

The intent here is to discuss whether the = entity named by the client
kerberos principal can verify the = reply.

The client host often cannot verify the reply because the = client host
does not know whether the KDC is being spoofed without an = ap-req
exchange.

The=  client can verify the the reply if&nbs= p;the KDC have a fast preauth type usin= g public key crypto and configuration on client. Talking = about the "client principal" make no sense in this = case.

The flag is if the reply is verfied, so = remove everything about client principal and just say "reply verfied" = ?

Love


From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 13:53:13 2009
From: Sam Hartman
To: Love Hörnquist Åstrand
Cc: Kerberos-wg - , Sam Hartman
Date: Wed, 10 Jun 2009 16:52:52 -0400
Subject: Re: [Ietf-krb-wg] framework-12 comments
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se>
In-Reply-To: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> ("Love Hörnquist Åstrand"'s message of "Wed\, 10 Jun 2009 13\:34\:56 -0700")

>>>>> "Love" == Love Hörnquist Åstrand writes:

    Love> The client can verify the reply if the KDC has a fast
    Love> preauth type using public key crypto and configuration on
    Love> client. Talking about the "client principal" makes no sense
    Love> in this case.

True, but not what this flag is about.

    Love> The flag is if the reply is verified, so remove everything
    Love> about client principal and just say "reply verified" ?

I think that would make things ambiguous.

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 14:34:09 2009
From: Love Hörnquist Åstrand
To: Sam Hartman
Cc: Kerberos-wg -
Date: Wed, 10 Jun 2009 14:33:26 -0700
Subject: Re: [Ietf-krb-wg] framework-12 comments
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se>

On 10 Jun 2009, at 13:52, Sam Hartman wrote:

>>>>>> "Love" == Love Hörnquist Åstrand writes:
> Love> The client can verify the reply if the KDC has a fast
> Love> preauth type using public key crypto and configuration on
> Love> client. Talking about the "client principal" makes no sense
> Love> in this case.
>
> True, but not what this flag is about.

Then I don't understand what the flag is all about and why we need it.

> Love> The flag is if the reply is verified, so remove everything
> Love> about client principal and just say "reply verified" ?
>
> I think that would make things ambiguous.

Love

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 14:42:24 2009
From: Sam Hartman
To: Love Hörnquist Åstrand
Cc: Kerberos-wg - , Sam Hartman
Date: Wed, 10 Jun 2009 17:42:14 -0400
Subject: Re: [Ietf-krb-wg] framework-12 comments
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se>
In-Reply-To: ("Love Hörnquist Åstrand"'s message of "Wed\, 10 Jun 2009 14\:33\:26 -0700")

>>>>> "Love" == Love Hörnquist Åstrand writes:

    Love> Then I don't understand what the flag is all about and why
    Love> we need it.

OK. Kerberos today gives a weak form of KDC verification. It's
not third-party verifiable. However, if you know the client password
and no one is spoofing the KDC, you can get this level of verification
by being able to decrypt the as-rep.

This flag tracks whether you have at least that confidence in the
KDC reply.

Examples of things that clear this flag: anonymous pkinit. Examples
of things that set this flag: using the long-term key for something;
signing the reply with a digital signature.

This flag needs to be distinguished from a stronger form of KDC
verification that might also be provided. A mechanism might prove the
KDC identity to the client implementation independent of concerns
about spoofing. Examples include an ap-req or signing the KDC reply.
The pre-auth framework does not care about this stronger form of KDC
verification, but needs to be clear in what it is providing.


From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 18:57:33 2009
From: Love Hörnquist Åstrand
To: Sam Hartman
Cc: Kerberos-wg -
Date: Wed, 10 Jun 2009 18:57:34 -0700
Subject: Re: [Ietf-krb-wg] framework-12 comments
Message-id: <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se>
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se>

On 10 Jun 2009, at 14:42, Sam Hartman wrote:

>>>>>> "Love" == Love Hörnquist Åstrand writes:
>
> Love> Then I don't understand what the flag is all about and why
> Love> we need it.
>
> OK. Kerberos today gives a weak form of KDC verification. It's
> not third-party verifiable. However, if you know the client password
> and no one is spoofing the KDC, you can get this level of verification
> by being able to decrypt the as-rep.
>
> This flag tracks whether you have at least that confidence in the
> KDC reply.
>
> Examples of things that clear this flag: anonymous pkinit. Examples
> of things that set this flag: using the long-term key for something;
> signing the reply with a digital signature.
>
> This flag needs to be distinguished from a stronger form of KDC
> verification that might also be provided. A mechanism might prove the
> KDC identity to the client implementation independent of concerns
> about spoofing. Examples include an ap-req or signing the KDC reply.
> The pre-auth framework does not care about this stronger form of KDC
> verification, but needs to be clear in what it is providing.

So since this is a generic code path, the stronger form results in what
flag being set ?

And how does later code determine if a stronger method has been used,
for example, anon-anon-dh + signed reply ?

Love

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 19:17:01 2009
From: Ken Raeburn
To: Zhanna Tsitkova
Cc: ietf-krb-wg@lists.anl.gov
Date: Wed, 10 Jun 2009 22:16:57 -0400
Subject: Re: [Ietf-krb-wg] move to SHA-2
In-Reply-To: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>

On Jun 10, 2009, at 14:49, Zhanna Tsitkova wrote:
> Hello!
>
> I am writing to propose the upgrading of the Kerberos cryptosystem
> with the additional hash functions from SHA-2 family to ensure the
> compliance with NIST's Policy on hash functions http://csrc.nist.gov/groups/ST/hash/policy.html
> :

That's easy enough to do. I wonder, though, if we want to go
further and switch to GCM or some such, and punt on the SHA hash
functions altogether.

--
Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 19:42:20 2009
From: Luke Howard
To: Ken Raeburn
Cc: "ietf-krb-wg@lists.anl.gov" , Zhanna Tsitkova
Date: Thu, 11 Jun 2009 12:42:09 +1000
Subject: Re: [Ietf-krb-wg] move to SHA-2
Message-Id: <7F2B5748-07DD-4429-8BF4-B0119E8DD5C3@padl.com>
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>

Should write up the CCM implementation in the aes-ccm branch...

Sent from my iPhone

On 11/06/2009, at 12:16 PM, Ken Raeburn wrote:

> On Jun 10, 2009, at 14:49, Zhanna Tsitkova wrote:
>> Hello!
>>
>> I am writing to propose the upgrading of the Kerberos cryptosystem
>> with the additional hash functions from SHA-2 family to ensure the
>> compliance with NIST's Policy on hash functions http://csrc.nist.gov/groups/ST/hash/policy.html
>> :
>
> That's easy enough to do. I wonder, though, if we want to go
> further and switch to GCM or some such, and punt on the SHA hash
> functions altogether.
>
> --
> Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium
>
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg@lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
>

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 20:08:15 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 82B733A684C for ; Wed, 10 Jun 2009 20:08:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.449 X-Spam-Level: X-Spam-Status: No, score=-102.449 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d0vTq+BxdzMB for ; Wed, 
From: Larry Zhu
To: Love Hörnquist Åstrand, Sam Hartman
Cc: Kerberos-wg -
Subject: Re: [Ietf-krb-wg] framework-12 comments
Date: Thu, 11 Jun 2009 03:08:08 +0000
In-Reply-To: <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se>
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se>

Perhaps it is less ambiguous to say "Whether the origin of the KDC reply
can be verified by the client principal"?

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Love Hörnquist Åstrand
Sent: Wednesday, June 10, 2009 6:58 PM
To: Sam Hartman
Cc: Kerberos-wg -
Subject: Re: [Ietf-krb-wg] framework-12 comments

On 10 Jun 2009, at 14:42, Sam Hartman wrote:

>>>>>> "Love" == Love Hörnquist Åstrand writes:
>
> Love> Then I don't understand what the flag is all about and why
> Love> we need it.
>
> OK. Kerberos today gives a weak form of KDC verification. It's
> not third-party verifiable. However, if you know the client password
> and no one is spoofing the KDC, you can get this level of verification
> by being able to decrypt the as-rep.
>
> This flag tracks whether you have at least that confidence in the
> KDC reply.
>
> Examples of things that clear this flag: anonymous pkinit. Examples
> of things that set this flag: using the long-term key for something;
> signing the reply with a digital signature.
>
> This flag needs to be distinguished from a stronger form of KDC
> verification that might also be provided. A mechanism might prove the
> KDC identity to the client implementation independent of concerns
> about spoofing. Examples include an ap-req or signing the KDC reply.
> The pre-auth framework does not care about this stronger form of KDC
> verification, but needs to be clear in what is' providing.

So since this is a generic code path, the stronger form results in what
flag being set? And how does later code determine if a stronger method
has been used, for example, anon-anon-dh + signed reply?

Love

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 10 23:28:48 2009
From: Nicolas Williams
To: Luke Howard
Cc: "ietf-krb-wg@lists.anl.gov", Ken Raeburn, Zhanna Tsitkova
Subject: Re: [Ietf-krb-wg] move to SHA-2
Date: Thu, 11 Jun 2009 01:18:47 -0500
Message-ID: <20090611061846.GM1049@Sun.COM>
In-Reply-To: <7F2B5748-07DD-4429-8BF4-B0119E8DD5C3@padl.com>
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu> <7F2B5748-07DD-4429-8BF4-B0119E8DD5C3@padl.com>

On Thu, Jun 11, 2009 at 12:42:09PM +1000, Luke Howard wrote:
> On 11/06/2009, at 12:16 PM, Ken Raeburn wrote:
> >That's easy enough to do. I wonder, though, if we want to go
> >further and switch to GCM or some such, and punt on the SHA hash
> >functions altogether.

Well, the crypto framework would require updating.

> Should write up the CCM implementation in the aes-ccm branch...

Yes, a write up on the changes to the crypto framework borne out by
implementation experience would be handy.

Nico
--

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 07:45:24 2009
From: Tom Yu
To: Ken Raeburn
Cc: ietf-krb-wg@lists.anl.gov, Zhanna Tsitkova
Subject: Re: [Ietf-krb-wg] move to SHA-2
Date: Thu, 11 Jun 2009 10:45:21 -0400
In-Reply-To: (Ken Raeburn's message of "Wed, 10 Jun 2009 22:16:57 -0400")
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>

Ken Raeburn writes:

> On Jun 10, 2009, at 14:49, Zhanna Tsitkova wrote:
>> Hello!
>>
>> I am writing to propose the upgrading of the Kerberos cryptosystem
>> with the additional hash functions from SHA-2 family to ensure the
>> compliance with NIST's Policy on hash functions
>> http://csrc.nist.gov/groups/ST/hash/policy.html :
>
> That's easy enough to do. I wonder, though, if we want to go further
> and switch to GCM or some such, and punt on the SHA hash functions
> altogether.

Let us consider the most expedient yet sound way to do this. Adopting
GCM and CCM will take substantially more specification work than "add
new AES cryptosystems that use SHA-2 in place of SHA-1 everywhere", so
I prefer that we take the latter, simpler, approach.

NIST wants to phase out SHA-1 by 2010, so we should try to have a
SHA-2 solution in place by then. I know that the 2010 timeline does
not apply to uses of SHA-1 requiring preimage resistance such as in
the hash of an HMAC, but the simplistic message that many people not
in the cryptographic community will hear is "no SHA-1 after 2010".

We could consider AEAD-capable modes such as GCM and CCM as a
longer-term project, given that there appears to be some interest in
AEAD-capable modes. Would people with interest in modes like GCM or
CCM please speak up so that we have some idea of how to prioritize
that work?

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 11:21:06 2009
From: Nicolas Williams
To: Tom Yu
Cc: ietf-krb-wg@lists.anl.gov, Zhanna Tsitkova
Subject: Re: [Ietf-krb-wg] move to SHA-2
Date: Thu, 11 Jun 2009 13:11:02 -0500
Message-ID: <20090611181102.GQ1049@Sun.COM>
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>

On Thu, Jun 11, 2009 at 10:45:21AM -0400, Tom Yu wrote:
> Let us consider the most expedient yet sound way to do this. Adopting
> GCM and CCM will take substantially more specification work than "add
> new AES cryptosystems that use SHA-2 in place of SHA-1 everywhere", so
> I prefer that we take the latter, simpler, approach.

I agree.

Moreover, we'll get the most benefit from AEAD cipher modes in the
context of the GSS-API, and we wouldn't have to do quite as much work
to get the Kerberos GSS mechanism to use AEAD cipher modes as we would
to get all of Kerberos to use AEAD cipher modes.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 13:05:39 2009
From: Sam Hartman
To: Tom Yu
Cc: ietf-krb-wg@anl.gov, Zhanna Tsitkova
Subject: Re: [Ietf-krb-wg] move to SHA-2
Date: Thu, 11 Jun 2009 16:05:26 -0400
In-Reply-To: (Tom Yu's message of "Thu, 11 Jun 2009 10:45:21 -0400")
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu>

I'm confused. I thought NIST was phasing out SHA-1 in digital
signatures, not in HMACs.

I don't really support moving away from SHA-1 for the sake of moving
away from SHA-1. If we run into trouble with MAC lengths, then while
fixing that I have no problem moving to SHA-2.

I agree with Ken. If we define any new ciphers they should be CCM or
GCM.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 13:10:55 2009
From: Sam Hartman
To: Nicolas Williams
Cc: "ietf-krb-wg@lists.anl.gov", Zhanna Tsitkova
Subject: Re: [Ietf-krb-wg] move to SHA-2
Date: Thu, 11 Jun 2009 16:10:43 -0400
In-Reply-To: <20090611061846.GM1049@Sun.COM> (Nicolas Williams's message of "Thu, 11 Jun 2009 01:18:47 -0500")
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu> <7F2B5748-07DD-4429-8BF4-B0119E8DD5C3@padl.com> <20090611061846.GM1049@Sun.COM>

>>>>> "Nicolas" == Nicolas Williams writes:

    Nicolas> On Thu, Jun 11, 2009 at 12:42:09PM +1000, Luke Howard wrote:
    >> On 11/06/2009, at 12:16 PM, Ken Raeburn wrote:
    >> >That's easy enough to do. I wonder, though, if we want to go
    >> >further and switch to GCM or some such, and punt on the SHA hash
    >> >functions altogether.

    Nicolas> Well, the crypto framework would require updating.

No. The crypto framework would not require updating to support CCM or
GCM. We'd ignore the simplified profile of course.

We would need to update the framework to support AEAD, but I see no
reason to tie that to new cipher modes.

However as I said in another message, I see no reason to standardize
new cipher modes because of SHA-1.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 13:37:37 2009
To: Sam Hartman
From: Tom Yu
Date: Thu, 11 Jun 2009 16:37:38 -0400
In-Reply-To: (Sam Hartman's message of "Thu, 11 Jun 2009 16:05:26 -0400")
Cc: ietf-krb-wg@anl.gov, Zhanna Tsitkova
Subject: Re: [Ietf-krb-wg] move to SHA-2

Sam Hartman writes:

> I'm confused. I thought NIST was phasing out SHA-1 in digital signatures, not in HMACs.

Much of the portion of the general public that actually has heard of SHA-1 will likely hear "NIST says no more SHA-1 after 2010". NIST is phasing out SHA-1 in digital signatures (which requires collision resistance) by 2010. You and I know that is not applicable to the HMAC use case (which requires preimage resistance).

> I don't really support moving away from SHA-1 for the sake of moving
> away from SHA-1.
> If we run into trouble with MAC lengths, then while
> fixing that I have no problem moving to SHA-2.

There appears to be consensus in the cryptographic community that SHA-1 is weaker than its design goals. That alone should be enough to encourage us to consider moving away from SHA-1. Whether the weakening in collision resistance could translate into problems for the HMAC use case is unknown at this time, I think.

> I agree with Ken. If we define any new ciphers they should be CCM or
> GCM.

Updating our crypto framework to conceptually incorporate AEAD-capable modes such as CCM and GCM will take a while. It might be well past 2010 before any implementations ship the result of our work in that area. If you feel that we can accomplish all that in such an aggressive timeframe, I would like to hear some details of how we are going to do so.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 14:15:06 2009
To: Tom Yu
From: Sam Hartman
Date: Thu, 11 Jun 2009 17:14:43 -0400
In-Reply-To: (Tom Yu's message of "Thu, 11 Jun 2009 16:37:38 -0400")
Cc: Sam Hartman, Zhanna Tsitkova, ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] move to SHA-2

>>>>> "Tom" == Tom Yu writes:

Tom> Sam Hartman writes:
>> I'm confused. I thought NIST was phasing out SHA-1 in digital
>> signatures, not in HMACs.

Tom> Much of the portion of the general public that actually has
Tom> heard of SHA-1 will likely hear "NIST says no more SHA-1
Tom> after 2010".

I do not support the working group taking on new cipher modes based on the reasoning you have given. I think interoperability and implementation testing concerns are more important than a public perception in this instance. So, I think it would be more harmful to the global Kerberos community to work on new cipher modes for the sake of avoiding sha-1 than it would be to fight the public perception issue.

>> I agree with Ken. If we define any new ciphers they should be
>> CCM or GCM.

Tom> Updating our crypto framework to conceptually incorporate
Tom> AEAD-capable modes such as CCM and GCM will take a while.

I disagree any framework updates are nice. If Luke gets around to writing up a version of CCM that does support AEAD use that would be fine. I think it would also be fine to standardize a version that did not expose AEAD.
I don't support doing that work for the reason of getting away from sha-1, although there might be reasons for which I would support the work.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 14:23:27 2009
To: Larry Zhu
From: Sam Hartman
Date: Thu, 11 Jun 2009 17:22:58 -0400
In-Reply-To: (Larry Zhu's message of "Thu, 11 Jun 2009 03:08:08 +0000")
Cc: Kerberos-wg -, Sam Hartman, Love Hörnquist Åstrand
Subject: Re: [Ietf-krb-wg] framework-12 comments
List-Id: "This is a list for the IETF Kerberos Working Group.
 {WORLDPUB, EXTERNAL}"

>>>>> "Larry" == Larry Zhu writes:

Larry> Perhaps it is less ambiguous to say "Whether the origin of
Larry> the KDC reply can be verified by the client principal"?

If that makes someone happier I'd be happy to make the change. I don't think Love and I are managing to understand each other enough for me to respond to his concern effectively. We seem to be talking past each other.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 14:35:03 2009
Date: Thu, 11 Jun 2009 17:35:05 -0400
From: Jeffrey Hutzelman
To: Sam Hartman, Tom Yu
Message-ID: <229836A3186B0019F0B3B0BE@minbar.fac.cs.cmu.edu>
Cc: ietf-krb-wg@anl.gov, Zhanna Tsitkova, jhutz@cmu.edu
Subject: Re: [Ietf-krb-wg] move to SHA-2

--On Thursday, June 11, 2009 05:14:43 PM -0400 Sam Hartman wrote:

>>>>>> "Tom" == Tom Yu writes:
>
> Tom> Sam Hartman writes:
> >> I'm confused. I thought NIST was phasing out SHA-1 in digital
> >> signatures, not in HMACs.
>
> Tom> Much of the portion of the general public that actually has
> Tom> heard of SHA-1 will likely hear "NIST says no more SHA-1
> Tom> after 2010".
>
> I do not support the working group taking on new cipher modes based on
> the reasoning you have given. I think interoperability and
> implementation testing concerns are more important than a public
> perception in this instance. So, I think it would be more harmful to
> the global Kerberos community to work on new cipher modes for the sake
> of avoiding sha-1 than it would be to fight the public perception
> issue.

It wasn't entirely clear to me, but it sounded like the original proposal would have involved new variations on the existing AES-based enctypes and cksumtypes, replacing SHA-1 with a SHA-2 family hash. Would you object to the working group taking on the work in that form?
Would you object to the WG taking on the work of specifying enctypes and cksumtypes using AES and a SHA-2 family hash, and leaving the question of which modes to use for discussion as part of that work, rather than setting it in stone/charter up front?

Anyone else?

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 14:42:16 2009
To: Jeffrey Hutzelman
From: Sam Hartman
Date: Thu, 11 Jun 2009 17:42:06 -0400
In-Reply-To: <229836A3186B0019F0B3B0BE@minbar.fac.cs.cmu.edu> (Jeffrey Hutzelman's message of "Thu, 11 Jun 2009 17:35:05 -0400")
Cc: ietf-krb-wg@anl.gov, Sam Hartman, Zhanna Tsitkova, Tom Yu
Subject: Re: [Ietf-krb-wg] move to SHA-2

>>>>> "Jeffrey" == Jeffrey Hutzelman writes:

Jeffrey> It wasn't entirely clear to me, but it sounded like the
Jeffrey> original proposal would have involved new variations on
Jeffrey> the existing AES-based enctypes and cksumtypes, replacing
Jeffrey> SHA-1 with a SHA-2 family hash. Would you object to the
Jeffrey> working group taking on the work in that form?

Yes, and I believe that my objection would be independent of whatever reasoning was used to justify the work. I believe I understand the issue sufficiently that discussion is unlikely to change my objection.

Jeffrey> Would you object to the WG taking on the work of
Jeffrey> specifying enctypes and cksumtypes using AES and a SHA-2
Jeffrey> family hash, and leaving the question of which modes to
Jeffrey> use for discussion as part o

I have not yet seen a justification for doing new cipher work at all. I would definitely push for specific modes in the charter item if we were going to do new cipher mode work, but I'm not sure I feel strongly enough about that to object to any proposal that left that open.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 15:01:21 2009
From: Larry Zhu
To: Sam Hartman
Date: Thu, 11 Jun 2009 22:01:23 +0000
Cc: Kerberos-wg -, Love Hörnquist Åstrand
Subject: Re: [Ietf-krb-wg] framework-12 comments

If the proposed change addresses Love's concerns, then please proceed to make the change.

--Larry

-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
Sent: Thursday, June 11, 2009 2:23 PM
To: Larry Zhu
Cc: Love Hörnquist Åstrand; Sam Hartman; Kerberos-wg -
Subject: Re: [Ietf-krb-wg] framework-12 comments

>>>>> "Larry" == Larry Zhu writes:

Larry> Perhaps it is less ambiguous to say "Whether the origin of
Larry> the KDC reply can be verified by the client principal"?

If that makes someone happier I'd be happy to make the change. I don't think Love and I are managing to understand each other enough for me to respond to his concern effectively. We seem to be talking past each other.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 15:16:20 2009
; Thu, 11 Jun 2009 17:16:22 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 5E68FC4 for ; Thu, 11 Jun 2009 17:16:22 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 23C647CC104; Thu, 11 Jun 2009 17:16:22 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14579-10; Thu, 11 Jun 2009 17:16:22 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 038D07CC102 for ; Thu, 11 Jun 2009 17:16:21 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AuUBANMeMUoR/g0XkWdsb2JhbACYQQEBAQEJCwoHEgW3UYQKBQ X-IronPort-AV: E=Sophos;i="4.42,204,1243832400"; d="scan'208";a="27949645" Received: from mail-out4.apple.com ([17.254.13.23]) by mailgateway.anl.gov with ESMTP; 11 Jun 2009 17:16:21 -0500 Received: from relay16.apple.com (relay16.apple.com [17.128.113.55]) by mail-out4.apple.com (Postfix) with ESMTP id 0BF436786C52 for ; Thu, 11 Jun 2009 15:16:21 -0700 (PDT) Received: from relay16.apple.com (unknown [127.0.0.1]) by relay16.apple.com (Symantec Brightmail Gateway) with ESMTP id F06025A0002 for ; Thu, 11 Jun 2009 15:16:20 -0700 (PDT) X-AuditID: 11807137-a7d6dbb00000380b-48-4a3182349a59 Received: from elliott.apple.com (elliott.apple.com [17.151.62.13]) by relay16.apple.com (Apple SCV relay) with ESMTP id D8FE1558003 for ; Thu, 11 Jun 2009 15:16:20 -0700 (PDT) MIME-version: 1.0 Received: from nutcracker.apple.com (nutcracker.apple.com [17.201.21.139]) by elliott.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0KL300G7GHV8O770@elliott.apple.com> for ietf-krb-wg@anl.gov; Thu, 11 Jun 2009 15:16:20 -0700 (PDT) From: =?iso-8859-1?Q?Love_H=F6rnquist_=C5strand?= In-reply-to: Date: Thu, 11 Jun 2009 15:16:20 -0700 
Message-id: <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se> References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se> To: Larry Zhu X-Mailer: Apple Mail (2.1067.3) X-Brightmail-Tracker: AAAAAA== X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: Kerberos-wg - , Sam Hartman Subject: Re: [Ietf-krb-wg] framework-12 comments X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"; DelSp="yes" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov I still don't understand why this is a FAST state flag. Will we have a replay verified by PK-INIT flag too ? How about a verified by FAST preauth type-17 flag ? Love 11 jun 2009 kl. 15:01 skrev Larry Zhu: > If the proposed change addresses Love's concerns, then please = > proceed to make the change. > > --Larry > > -----Original Message----- > From: Sam Hartman [mailto:hartmans-ietf@mit.edu] > Sent: Thursday, June 11, 2009 2:23 PM > To: Larry Zhu > Cc: Love H=F6rnquist =C5strand; Sam Hartman; Kerberos-wg - > Subject: Re: [Ietf-krb-wg] framework-12 comments > >>>>>> "Larry" =3D=3D Larry Zhu writes: > > Larry> Perhaps it is less ambiguous to say "Whether the origin of > Larry> the KDC reply can be verified by the client principal"? > > If that makes someone happier > I'd be happy to make the change. > > I don't think Love and I are managing to understand each other enough > for me to respond to his concern affectively. We seem to be talking > past each other. 

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 15:18:49 2009
From: Love Hörnquist Åstrand
Date: Thu, 11 Jun 2009 15:18:52 -0700
Message-id: <03528941-EAE2-4DA3-9A40-7EABF9C5619F@apple.com>
References: <9DDFD513-08E3-4062-AD28-3B8C4785042F@mit.edu> <229836A3186B0019F0B3B0BE@minbar.fac.cs.cmu.edu>
To: Sam Hartman
Cc: ietf-krb-wg@anl.gov, Zhanna Tsitkova, Tom Yu, Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] move to SHA-2

On 11 Jun 2009, at 14:42, Sam Hartman wrote:

>>>>>> "Jeffrey" == Jeffrey Hutzelman writes:
>
> Jeffrey> It wasn't entirely clear to me, but it sounded like the
> Jeffrey> original proposal would have involved new variations on
> Jeffrey> the existing AES-based enctypes and cksumtypes, replacing
> Jeffrey> SHA-1 with a SHA-2 family hash. Would you object to the
> Jeffrey> working group taking on the work in that form?
>
> Yes, and I believe that my objection would be independent of whatever
> reasoning was used to justify the work. I believe I understand the
> issue sufficiently that discussion is unlikely to change my objection.

Kerberos users seem to be slow enough to migrate to new enctypes as it
is already. Giving them more choices and the need to implement more
Kerberos encryption types in kernel mode (for NFS and friends) would
give us no more happiness.
I'm all for creating new modes if the modes have proper support in
hardware and other software already available.

Love

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 15:58:48 2009
From: Larry Zhu
To: Love Hörnquist Åstrand
Date: Thu, 11 Jun 2009 22:58:49 +0000
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se> <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se>
In-Reply-To: <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se>
Cc: Kerberos-wg -, Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

Whether the identity of KDC is authenticated is one of the most critical elements in the design of any pre-authentication method. And this flag is to indicate whether the KDC is authenticated.

The abstract data model described here should not have anything specific to a specific pre-auth method therefore we do not have any state to track for PKINIT.

--Larry

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Love Hörnquist Åstrand
Sent: Thursday, June 11, 2009 3:16 PM
To: Larry Zhu
Cc: Kerberos-wg -; Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

I still don't understand why this is a FAST state flag.

Will we have a replay verified by PK-INIT flag too?

How about a verified by FAST preauth type-17 flag?

Love

On 11 Jun 2009, at 15:01, Larry Zhu wrote:

> If the proposed change addresses Love's concerns, then please
> proceed to make the change.
>
> --Larry
>
> -----Original Message-----
> From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
> Sent: Thursday, June 11, 2009 2:23 PM
> To: Larry Zhu
> Cc: Love Hörnquist Åstrand; Sam Hartman; Kerberos-wg -
> Subject: Re: [Ietf-krb-wg] framework-12 comments
>
>>>>>> "Larry" == Larry Zhu writes:
>
> Larry> Perhaps it is less ambiguous to say "Whether the origin of
> Larry> the KDC reply can be verified by the client principal"?
>
> If that makes someone happier
> I'd be happy to make the change.
>
> I don't think Love and I are managing to understand each other enough
> for me to respond to his concern effectively. We seem to be talking
> past each other.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 16:05:01 2009
From: Love Hörnquist Åstrand
Date: Thu, 11 Jun 2009 16:05:04 -0700
Message-id: <9110DC10-C1E4-47A9-A6B8-1E9EB0F9747F@kth.se>
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se> <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se>
To: Larry Zhu
Cc: Kerberos-wg -, Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

So that's the confusing part.

The flag is not about the specific "authenticated by KDC knows user's
keys"

It's "authenticated reply, which is authentication done by equivalent
to KDC user's keys, OR BETTER"

As written today, it looks like it is specific to "authenticated by KDC
knows user's keys", i.e. mech specific. So a pk-based auth mech that
has better knowledge about the reply should not set the flag?

Also, I have trouble seeing where in the process this flag should be
verified.

Love

On 11 Jun 2009, at 15:58, Larry Zhu wrote:

> Whether the identity of KDC is authenticated is one of the most
> critical elements in the design of any pre-authentication method.
> And this flag is to indicate whether the KDC is authenticated.
>
> The abstract data model described here should not have anything
> specific to a specific pre-auth method therefore we do not have any
> state to track for PKINIT.
>
> --Larry
>
> -----Original Message-----
> From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-
> bounces@lists.anl.gov] On Behalf Of Love Hörnquist Åstrand
> Sent: Thursday, June 11, 2009 3:16 PM
> To: Larry Zhu
> Cc: Kerberos-wg -; Sam Hartman
> Subject: Re: [Ietf-krb-wg] framework-12 comments
>
> I still don't understand why this is a FAST state flag.
>
> Will we have a replay verified by PK-INIT flag too?
>
> How about a verified by FAST preauth type-17 flag?
>
> Love
>
> On 11 Jun 2009, at 15:01, Larry Zhu wrote:
>
>> If the proposed change addresses Love's concerns, then please
>> proceed to make the change.
>>
>> --Larry
>>
>> -----Original Message-----
>> From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
>> Sent: Thursday, June 11, 2009 2:23 PM
>> To: Larry Zhu
>> Cc: Love Hörnquist Åstrand; Sam Hartman; Kerberos-wg -
>> Subject: Re: [Ietf-krb-wg] framework-12 comments
>>
>>>>>>> "Larry" == Larry Zhu writes:
>>
>> Larry> Perhaps it is less ambiguous to say "Whether the origin of
>> Larry> the KDC reply can be verified by the client principal"?
>>
>> If that makes someone happier
>> I'd be happy to make the change.
>>
>> I don't think Love and I are managing to understand each other enough
>> for me to respond to his concern effectively. We seem to be talking
>> past each other.

From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 16:09:56 2009
From: Larry Zhu
To: Love Hörnquist Åstrand
Date: Thu, 11 Jun 2009 23:09:41 +0000
References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se> <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se> <9110DC10-C1E4-47A9-A6B8-1E9EB0F9747F@kth.se>
In-Reply-To: <9110DC10-C1E4-47A9-A6B8-1E9EB0F9747F@kth.se>
Cc: Kerberos-wg -, Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

I see your points. Maybe we should say "Whether the origin of the KDC reply can be verified by the Kerberos client"? This way it does not hint to use what the client principal has (i.e. the user keys).

-----Original Message-----
From: Love Hörnquist Åstrand [mailto:lha@kth.se]
Sent: Thursday, June 11, 2009 4:05 PM
To: Larry Zhu
Cc: Kerberos-wg -; Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

So that's the confusing part.

The flag is not about the specific "authenticated by KDC knows user's
keys"

It's "authenticated reply, which is authentication done by equivalent
to KDC user's keys, OR BETTER"

As written today, it looks like it is specific to "authenticated by KDC
knows user's keys", i.e. mech specific. So a pk-based auth mech that
has better knowledge about the reply should not set the flag?

Also, I have trouble seeing where in the process this flag should be
verified.

Love

On 11 Jun 2009, at 15:58, Larry Zhu wrote:

> Whether the identity of KDC is authenticated is one of the most
> critical elements in the design of any pre-authentication method.
> And this flag is to indicate whether the KDC is authenticated.
>
> The abstract data model described here should not have anything
> specific to a specific pre-auth method therefore we do not have any
> state to track for PKINIT.
>
> --Larry
>
> -----Original Message-----
> From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-
> bounces@lists.anl.gov] On Behalf Of Love Hörnquist Åstrand
> Sent: Thursday, June 11, 2009 3:16 PM
> To: Larry Zhu
> Cc: Kerberos-wg -; Sam Hartman
> Subject: Re: [Ietf-krb-wg] framework-12 comments
>
> I still don't understand why this is a FAST state flag.
>
> Will we have a replay verified by PK-INIT flag too?
>
> How about a verified by FAST preauth type-17 flag?
>
> Love
>
> On 11 Jun 2009, at 15:01, Larry Zhu wrote:
>
>> If the proposed change addresses Love's concerns, then please
>> proceed to make the change.
>> >> --Larry >> >> -----Original Message----- >> From: Sam Hartman [mailto:hartmans-ietf@mit.edu] >> Sent: Thursday, June 11, 2009 2:23 PM >> To: Larry Zhu >> Cc: Love H=F6rnquist =C5strand; Sam Hartman; Kerberos-wg - >> Subject: Re: [Ietf-krb-wg] framework-12 comments >> >>>>>>> "Larry" =3D=3D Larry Zhu writes: >> >> Larry> Perhaps it is less ambiguous to say "Whether the origin of >> Larry> the KDC reply can be verified by the client principal"? >> >> If that makes someone happier >> I'd be happy to make the change. >> >> I don't think Love and I are managing to understand each other enough >> for me to respond to his concern affectively. We seem to be talking >> past each other. >> >> _______________________________________________ >> ietf-krb-wg mailing list >> ietf-krb-wg@lists.anl.gov >> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg > > _______________________________________________ > ietf-krb-wg mailing list > ietf-krb-wg@lists.anl.gov > https://lists.anl.gov/mailman/listinfo/ietf-krb-wg > > _______________________________________________ > ietf-krb-wg mailing list > ietf-krb-wg@lists.anl.gov > https://lists.anl.gov/mailman/listinfo/ietf-krb-wg _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Thu Jun 11 17:34:25 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B15173A696E for ; Thu, 11 Jun 2009 17:34:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.374 X-Spam-Level: X-Spam-Status: No, score=-102.374 tagged_above=-999 required=5 tests=[AWL=-0.075, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, 

From: Larry Zhu
To: Love Hörnquist Åstrand
Cc: Kerberos-wg -, Sam Hartman
Date: Fri, 12 Jun 2009 00:34:21 +0000
Subject: Re: [Ietf-krb-wg] framework-12 comments

'Love Hörnquist Åstrand' wrote:
> Also, I have trouble to see where in the process this flag should be verified.

Just to clarify that where and how this flag is verified would be mechanism specific.

--Larry

-----Original Message-----
From: Larry Zhu
Sent: Thursday, June 11, 2009 4:10 PM
To: 'Love Hörnquist Åstrand'
Cc: Kerberos-wg -; Sam Hartman
Subject: RE: [Ietf-krb-wg] framework-12 comments

I see your points. Maybe we should say "Whether the origin of the KDC reply can be verified by the Kerberos client"? This way it does not hint to use what the client principal has (i.e. the user keys).

-----Original Message-----
From: Love Hörnquist Åstrand [mailto:lha@kth.se]
Sent: Thursday, June 11, 2009 4:05 PM
To: Larry Zhu
Cc: Kerberos-wg -; Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

So that's the confusing part.

The flag is not about the specific "authenticated by KDC knows user's keys"

It's "authenticated reply, which is authentication done by equivalent to KDC user's keys, OR BETTER"

As written today, it looks like it is specific to "authenticated by KDC knows user's keys", i.e. mech specific.

So a pk-based auth mech that has better knowledge about the reply should not set the flag?

Also, I have trouble to see where in the process this flag should be verified.

Love

On 11 Jun 2009, at 15:58, Larry Zhu wrote:

> Whether the identity of KDC is authenticated is one of the most
> critical elements in the design of any pre-authentication method.
> And this flag is to indicate whether the KDC is authenticated.
>
> The abstract data model described here should not have anything
> specific to a specific pre-auth method therefore we do not have any
> state to track for PKINIT.
>
> --Larry
>
> -----Original Message-----
> From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Love Hörnquist Åstrand
> Sent: Thursday, June 11, 2009 3:16 PM
> To: Larry Zhu
> Cc: Kerberos-wg -; Sam Hartman
> Subject: Re: [Ietf-krb-wg] framework-12 comments
>
> I still don't understand why this is a FAST state flag.
>
> Will we have a replay verified by PK-INIT flag too?
>
> How about a verified by FAST preauth type-17 flag?
>
> Love
>
> On 11 Jun 2009, at 15:01, Larry Zhu wrote:
>
>> If the proposed change addresses Love's concerns, then please
>> proceed to make the change.
>>
>> --Larry
>>
>> -----Original Message-----
>> From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
>> Sent: Thursday, June 11, 2009 2:23 PM
>> To: Larry Zhu
>> Cc: Love Hörnquist Åstrand; Sam Hartman; Kerberos-wg -
>> Subject: Re: [Ietf-krb-wg] framework-12 comments
>>
>>>>>>> "Larry" == Larry Zhu writes:
>>
>> Larry> Perhaps it is less ambiguous to say "Whether the origin of
>> Larry> the KDC reply can be verified by the client principal"?
>>
>> If that makes someone happier
>> I'd be happy to make the change.
>>
>> I don't think Love and I are managing to understand each other enough
>> for me to respond to his concern effectively. We seem to be talking
>> past each other.

From: "Henry B. Hotz"
To: Love Hörnquist Åstrand
Cc: "ietf-krb-wg@anl.gov", Sam Hartman, Zhanna Tsitkova, Jeffrey Hutzelman
Date: Thu, 11 Jun 2009 19:40:11 -0700
Subject: Re: [Ietf-krb-wg] move to SHA-2

On Jun 11, 2009, at 3:18 PM, Love Hörnquist Åstrand wrote:

> On 11 Jun 2009, at 14:42, Sam Hartman wrote:
>
>>>>>>> "Jeffrey" == Jeffrey Hutzelman writes:
>>
>> Jeffrey> It wasn't entirely clear to me, but it sounded like the
>> Jeffrey> original proposal would have involved new variations on
>> Jeffrey> the existing AES-based enctypes and cksumtypes, replacing
>> Jeffrey> SHA-1 with a SHA-2 family hash. Would you object to the
>> Jeffrey> working group taking on the work in that form?
>>
>> Yes, and I believe that my objection would be independent of whatever
>> reasoning was used to justify the work. I believe I understand the
>> issue sufficiently that discussion is unlikely to change my
>> objection.
>
> Kerberos users seem to be slow enough to migrate to new enctypes as
> it is already.
>
> Giving them more choices and the need to implement more Kerberos
> encryption types in kernel mode (for NFS and friends) would give us no
> more happiness.
>
> I'm all for creating new modes if the modes have proper support in
> hardware and other software already available.
>
> Love

I think I agree with this. While many things negotiate to the correct enctype nicely, multiplying the number of choices makes managing an infrastructure harder.

There is still a very sizable fraction of the platforms out there that don't support the current AES enctypes yet. I'm concerned that inventing new ones this soon will focus efforts toward simple upgrade deployments and away from application support. While a lot of things support Kerberos now, it still lacks a lot in terms of mind-share and end-app polish.

I think I've worked around to Sam's position. While the PR concerns w.r.t. SHA-1 are more real than I like, they aren't sufficient to justify new enctypes. AEAD-capable modes seem much more interesting and justifiable.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From: Sam Hartman
To: Larry Zhu
Cc: Kerberos-wg -, Sam Hartman, Love Hörnquist Åstrand
Date: Fri, 12 Jun 2009 06:27:07 -0400
Subject: Re: [Ietf-krb-wg] framework-12 comments

>>>>> "Larry" == Larry Zhu writes:

Larry> 'Love Hörnquist Åstrand' wrote:
>> Also, I have trouble to see where in the process this flag
>> should be verified.

Larry> Just to clarify that where and how this flag is verified
Larry> would be mechanism specific.

Well, I'd think implementation specific.

First, note that this basically only comes up with anonymous pkinit for FAST armor and authentication sets with mechanisms not yet defined.

So, I'd have a flag on the mechanism. If the mechanism replaces the reply key and does not verify the KDC, then I would not offer that mechanism with FAST using anonymous principals for armor. (Offering the mechanism outside of FAST would be even worse)

If I added authentication set support, then I'd do the following:

1) Have a flag tracking replace reply key and KDC verification on the mechanism. Never offer an authentication set that has replace reply key and not KDC verify.

2) Keep track of reply key replacements and KDC verifications in my KDC and client. If I'm about to issue a ticket and I've replaced the reply key but not verified the KDC, issue an error instead and get grumpy at the admin.

3) If the client receives a ticket with a replaced reply key but not KDC verified then generate an error.

However this is just one implementation strategy.
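
[Added example, not part of the mailing-list thread and not code from any Kerberos implementation.] The three-step strategy in Sam Hartman's message above (per-mechanism flags, a filter on offered authentication sets, and a check on both the KDC and the client before a ticket is issued or accepted) can be sketched as follows. The mechanism names, flag values and function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Sequence


class PolicyError(Exception):
    """Raised instead of issuing or accepting a ticket in an unsafe state."""


@dataclass(frozen=True)
class Mechanism:
    name: str                  # hypothetical label, not a registered padata type
    replaces_reply_key: bool   # mechanism substitutes its own reply key
    verifies_kdc: bool         # mechanism lets the client verify the KDC


def set_is_offerable(auth_set: Sequence[Mechanism]) -> bool:
    """Step 1: never offer a set that replaces the reply key without KDC verification."""
    replaces = any(m.replaces_reply_key for m in auth_set)
    verifies = any(m.verifies_kdc for m in auth_set)
    return verifies or not replaces


def offerable_sets(candidates: Sequence[Sequence[Mechanism]]) -> List[List[Mechanism]]:
    """Filter the authentication sets a KDC is willing to advertise."""
    return [list(s) for s in candidates if set_is_offerable(s)]


@dataclass
class ExchangeState:
    """Per-exchange bookkeeping kept by both the KDC and the client (steps 2 and 3)."""
    reply_key_replaced: bool = False
    kdc_verified: bool = False
    applied: List[str] = field(default_factory=list)

    def apply(self, mech: Mechanism) -> None:
        # Flags only ever move from False to True during one exchange.
        self.reply_key_replaced = self.reply_key_replaced or mech.replaces_reply_key
        self.kdc_verified = self.kdc_verified or mech.verifies_kdc
        self.applied.append(mech.name)

    @property
    def unsafe(self) -> bool:
        return self.reply_key_replaced and not self.kdc_verified


def run_exchange(mechs: Sequence[Mechanism]) -> ExchangeState:
    """Apply the mechanisms of one exchange in order and return the final state."""
    state = ExchangeState()
    for mech in mechs:
        state.apply(mech)
    return state


def kdc_issue_ticket(state: ExchangeState) -> str:
    """Step 2: the KDC returns an error instead of a ticket when the state is unsafe."""
    if state.unsafe:
        raise PolicyError(
            "reply key replaced but KDC not verified after: " + ", ".join(state.applied)
        )
    return "ticket"


def client_accept_ticket(state: ExchangeState) -> bool:
    """Step 3: the client rejects a ticket obtained in the same unsafe state."""
    if state.unsafe:
        raise PolicyError("ticket received with replaced reply key and unverified KDC")
    return True


# Constructed mechanisms covering the four flag combinations.
KEY_ONLY = Mechanism("example-key-replacing", True, False)
KDC_PROOF = Mechanism("example-kdc-verifying", False, True)
BOTH = Mechanism("example-both", True, True)
PLAIN = Mechanism("example-neither", False, False)


if __name__ == "__main__":
    for auth_set in ([KEY_ONLY], [KEY_ONLY, KDC_PROOF], [BOTH], [PLAIN]):
        names = [m.name for m in auth_set]
        print(names, "offerable" if set_is_offerable(auth_set) else "refused")
    try:
        kdc_issue_ticket(run_exchange([KEY_ONLY]))
    except PolicyError as err:
        print("KDC error:", err)
```

The KDC-side and client-side checks are deliberately the same predicate, so a misconfigured KDC that skips step 1 is still caught at step 2, and a client talking to such a KDC is still caught at step 3.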

From: Sam Hartman
To: Larry Zhu
Cc: Kerberos-wg -, Sam Hartman, Love Hörnquist Åstrand
Date: Fri, 12 Jun 2009 06:28:16 -0400
Subject: Re: [Ietf-krb-wg] framework-12 comments

>>>>> "Larry" == Larry Zhu writes:

Larry> I see your points. Maybe we should say "Whether the origin
Larry> of the KDC reply can be verified by the Kerberos client"?
Larry> This way it does not hint to use what the client principal
Larry> has (i.e. the user keys). -----Original Message----- From:

I agree that this change adds clarity.

From: Jeffrey Hutzelman
To: ietf-krb-wg@anl.gov
Cc: jhutz@cmu.edu
Date: Fri, 12 Jun 2009 12:24:18 -0400
Subject: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12

This note announces the start of a two-week last call within the Kerberos Working Group on whether to send the following document to the IESG:

Title: A Generalized Framework for Kerberos Pre-Authentication
Filename: draft-ietf-krb-wg-preauth-framework-12.txt
Intended Status: Proposed Standard

Kerberos is a protocol for verifying the identity of principals (e.g., a workstation user or a network server) on an open network. The Kerberos protocol provides a mechanism called pre-authentication for proving the identity of a principal and for better protecting the long-term secrets of the principal.

This document describes a model for Kerberos pre-authentication mechanisms. The model describes what state in the Kerberos request a pre-authentication mechanism is likely to change. It also describes how multiple pre-authentication mechanisms used in the same request will interact.

This document also provides common tools needed by multiple pre-authentication mechanisms. One of these tools is a secure channel between the client and the KDC with a reply key delivery mechanism; this secure channel can be used to protect the authentication exchange thus eliminate offline dictionary attacks. With these tools, it is relatively straightforward to chain multiple authentication mechanisms, utilize a different key management system, or support a new key agreement algorithm.

This last call will expire at 23:59 EDT on Friday, June 26, 2009. Please review this document and send any comments to the Kerberos Working Group mailing list, by that date.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-draft-ietf-krb-wg-preauth-framework-12.txt

-- Jeffrey T. Hutzelman (N3NHS)
   Chair, IETF Kerberos Working Group
   Carnegie Mellon University - Pittsburgh, PA
(Postfix) with ESMTP id D66F880E07; Fri, 12 Jun 2009 11:47:43 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 1471580E05 for ; Fri, 12 Jun 2009 11:47:42 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 0DDB76D; Fri, 12 Jun 2009 11:47:42 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 0973770 for ; Fri, 12 Jun 2009 11:47:42 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 038A46D for ; Fri, 12 Jun 2009 11:47:42 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id E12947CC110; Fri, 12 Jun 2009 11:47:41 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29403-09; Fri, 12 Jun 2009 11:47:41 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id C2E5B7CC0F7 for ; Fri, 12 Jun 2009 11:47:41 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEACcjMkpFGcSy/2dsb2JhbADCY4YuiFGECwWIWg X-IronPort-AV: E=Sophos;i="4.42,210,1243832400"; d="scan'208";a="27977407" Received: from carter-zimmerman.suchdamage.org ([69.25.196.178]) by mailgateway.anl.gov with ESMTP; 12 Jun 2009 11:47:41 -0500 Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id A57204141; Fri, 12 Jun 2009 12:47:24 -0400 (EDT) To: Jeffrey Hutzelman References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> From: Sam Hartman Date: Fri, 12 Jun 2009 12:47:24 -0400 In-Reply-To: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> (Jeffrey Hutzelman's message of "Fri\, 12 Jun 2009 12\:24\:18 -0400") 
Message-ID: User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov I'm aware of two outstanding comments. 1) An issue raised by Love about the kdc verified state flag 2) My issue about unknown armor. I will be sending a third comment today regarding TGS armor. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 12 10:14:46 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CF03D3A6921 for ; Fri, 12 Jun 2009 10:14:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.513 X-Spam-Level: X-Spam-Status: No, score=-102.513 tagged_above=-999 required=5 tests=[AWL=0.086, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uHrc8xwxGO+N for ; Fri, 12 Jun 2009 10:14:45 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id B664D3A68FD for ; Fri, 12 Jun 2009 10:14:45 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) 
with ESMTP id 0D9146F; Fri, 12 Jun 2009 12:14:54 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id C26CA10C; Fri, 12 Jun 2009 12:14:53 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5D3E180E08; Fri, 12 Jun 2009 12:14:53 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 874B480E07 for ; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 8128F6F; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 7C4E3AC for ; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 5F64D6F for ; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 475D17CC102; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02862-07; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 1DC987CC0B5 for ; Fri, 12 Jun 2009 12:14:52 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AiwAAPMpMkqDa3PUkWdsb2JhbACYQwEBAQEJCwoHEwahWZZkgkmBQgWIWg X-IronPort-AV: E=Sophos;i="4.42,210,1243832400"; d="scan'208";a="27978578" Received: from mail1.microsoft.com (HELO smtp.microsoft.com) ([131.107.115.212]) by mailgateway.anl.gov with ESMTP; 12 Jun 2009 12:14:51 -0500 Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) by 
TK5-EXGWY-E801.partners.extranet.microsoft.com (10.251.56.50) with Microsoft SMTP Server (TLS) id 8.2.99.4; Fri, 12 Jun 2009 10:14:51 -0700 Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) with Microsoft SMTP Server id 14.0.601.1; Fri, 12 Jun 2009 10:14:49 -0700 Received: from TK5EX14MBXW651.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.90]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Fri, 12 Jun 2009 10:14:49 -0700 From: Larry Zhu To: Sam Hartman Thread-Topic: [Ietf-krb-wg] framework-12 comments Thread-Index: AQHJ60hW7q7BbY0BpkGWJjWsqhqciJBDKGDA Date: Fri, 12 Jun 2009 17:14:48 +0000 Message-ID: References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se> <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se> <9110DC10-C1E4-47A9-A6B8-1E9EB0F9747F@kth.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: Kerberos-wg - , =?iso-8859-1?Q?Love_H=F6rnquist_=C5strand?= Subject: Re: [Ietf-krb-wg] framework-12 comments X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

I would like to add that this KDC verification flag is described in the context outside of FAST in the current document. Since FAST provides KDC verification in most cases, I suspect that was why it confuses the reader why the flag is needed at all.
You brought up the cases where FAST does not provide KDC verification itself, and in those cases, I agree how to mark the KDC verification flag would be implementation specific. Perhaps we can merge the text you provide as an implementation note in the next revision if the working group thinks it is helpful to do so.

--Larry

-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
Sent: Friday, June 12, 2009 3:27 AM
To: Larry Zhu
Cc: Love Hörnquist Åstrand; Kerberos-wg -; Sam Hartman
Subject: Re: [Ietf-krb-wg] framework-12 comments

>>>>> "Larry" == Larry Zhu writes:

Larry> 'Love Hörnquist Åstrand' wrote:
>> Also, I have trouble to see where in the process this flag
>> should be verified.

Larry> Just to clarify that where and how this flag is verified
Larry> would be mechanism specific.

Well, I'd think implementation specific.

First, note that this basically only comes up with anonymous pkinit for FAST armor and authentication sets with mechanisms not yet defined.

So, I'd have a flag on the mechanism. If the mechanism replaces the reply key and does not verify the KDC, then I would not offer that mechanism with FAST using anonymous principals for armor. (Offering the mechanism outside of FAST would be even worse)

If I added authentication set support, then I'd do the following:

1) Have a flag tracking replace reply key and KDC verification on the mechanism. Never offer an authentication set that has replace reply key and not KDC verify.

2) Keep track of reply key replacements and KDC verifications in my KDC and client. If I'm about to issue a ticket and I've replaced the reply key but not verified the KDC, issue an error instead and get grumpy at the admin.

3) If the client receives a ticket with a replaced reply key but not KDC verified then generate an error.

However this is just one implementation strategy.
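One way to express the three-step strategy from Sam Hartman's quoted message as code. This is an added example, not part of the thread or of any Kerberos implementation; the mechanism names, the `armor_verifies_kdc` parameter (false for the anonymous-armor case he mentions) and the model in which both flags stay set once raised are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, List, Sequence


class KdcNotVerifiedError(Exception):
    """The reply key was replaced but nothing in the exchange verified the KDC."""


@dataclass(frozen=True)
class Mechanism:
    """Per-mechanism flags (step 1). Names are hypothetical labels, not PA types."""
    name: str
    replaces_reply_key: bool
    verifies_kdc: bool


def set_is_offerable(mechs: Sequence[Mechanism], armor_verifies_kdc: bool) -> bool:
    """Step 1: never offer a set that replaces the reply key without KDC verification.

    armor_verifies_kdc is an assumed input: True when the armor itself
    authenticates the KDC, False for armor obtained with an anonymous principal.
    """
    replaces = any(m.replaces_reply_key for m in mechs)
    verifies = armor_verifies_kdc or any(m.verifies_kdc for m in mechs)
    return (not replaces) or verifies


def offerable_sets(candidates: Iterable[Sequence[Mechanism]],
                   armor_verifies_kdc: bool) -> List[List[Mechanism]]:
    """Filter the configured authentication sets down to the ones safe to offer."""
    return [list(s) for s in candidates if set_is_offerable(s, armor_verifies_kdc)]


class ExchangeState:
    """Steps 2 and 3: state kept by both the KDC and the client for one exchange."""

    def __init__(self, armor_verifies_kdc: bool) -> None:
        self.reply_key_replaced = False
        self.kdc_verified = armor_verifies_kdc

    def record(self, mech: Mechanism) -> None:
        # Assumption: flags are sticky for the rest of the exchange.
        self.reply_key_replaced = self.reply_key_replaced or mech.replaces_reply_key
        self.kdc_verified = self.kdc_verified or mech.verifies_kdc

    def check(self, side: str) -> None:
        """Call on the KDC before issuing a ticket, on the client before accepting one."""
        if self.reply_key_replaced and not self.kdc_verified:
            raise KdcNotVerifiedError(
                f"{side}: reply key replaced without KDC verification")


def run_exchange(mechs: Sequence[Mechanism], armor_verifies_kdc: bool, side: str) -> str:
    """Replay a completed mechanism sequence and report the final decision."""
    state = ExchangeState(armor_verifies_kdc)
    for mech in mechs:
        state.record(mech)
    try:
        state.check(side)
    except KdcNotVerifiedError as exc:
        return f"error: {exc}"
    return "ok"


# Constructed sample mechanisms (hypothetical, for illustration only).
KEY_SWAP = Mechanism("key-swap", replaces_reply_key=True, verifies_kdc=False)
KDC_PROOF = Mechanism("kdc-proof", replaces_reply_key=False, verifies_kdc=True)
PLAIN = Mechanism("plain", replaces_reply_key=False, verifies_kdc=False)

if __name__ == "__main__":
    configured = [[KEY_SWAP], [KEY_SWAP, KDC_PROOF], [PLAIN]]
    for armor in (False, True):
        names = [[m.name for m in s] for s in offerable_sets(configured, armor)]
        print(f"armor verifies KDC={armor}: offer {names}")
    print(run_exchange([KEY_SWAP], False, "kdc"))
    print(run_exchange([KEY_SWAP, KDC_PROOF], False, "client"))
```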
_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 12 10:39:40 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D53923A6AE2 for ; Fri, 12 Jun 2009 10:39:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.544 X-Spam-Level: X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YJ3R06w-CLjO for ; Fri, 12 Jun 2009 10:39:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 0E60E3A6A4B for ; Fri, 12 Jun 2009 10:39:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 617F889; Fri, 12 Jun 2009 12:39:48 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 1D27E91; Fri, 12 Jun 2009 12:39:45 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id BD92480E08; Fri, 12 Jun 2009 12:39:45 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 4105080E07 for ; Fri, 12 Jun 2009 12:39:44 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 3B84676; Fri, 12 Jun 2009 12:39:44 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 3674389 for ; Fri, 12 
Jun 2009 12:39:44 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 3043276 for ; Fri, 12 Jun 2009 12:39:44 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 18C0E7CC10B; Fri, 12 Jun 2009 12:39:44 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07446-05; Fri, 12 Jun 2009 12:39:44 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id EC3C07CC0FF for ; Fri, 12 Jun 2009 12:39:43 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEAAswMkpFGcSy/2dsb2JhbADCJYYsiFGECwU X-IronPort-AV: E=Sophos;i="4.42,210,1243832400"; d="scan'208";a="27979496" Received: from carter-zimmerman.suchdamage.org ([69.25.196.178]) by mailgateway.anl.gov with ESMTP; 12 Jun 2009 12:39:43 -0500 Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 001314141; Fri, 12 Jun 2009 13:39:26 -0400 (EDT) To: Larry Zhu References: <425E585D-8095-4780-A082-F65D1A5DB8B9@kth.se> <6AA48720-1E00-4924-803C-3AE9DA9243B8@kth.se> <2EFB4F6F-B48E-4A1A-B0C1-E03F167CBE06@kth.se> <9110DC10-C1E4-47A9-A6B8-1E9EB0F9747F@kth.se> From: Sam Hartman Date: Fri, 12 Jun 2009 13:39:26 -0400 In-Reply-To: (Larry Zhu's message of "Fri\, 12 Jun 2009 17\:14\:48 +0000") Message-ID: User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: Kerberos-wg - , Sam Hartman , Love =?iso-8859-1?Q?H=F6rnquist_=C5strand?= Subject: Re: [Ietf-krb-wg] framework-12 comments X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov >>>>> "Larry" == Larry Zhu writes: Larry> I would like to add that this KDC verification flag is Larry> described in the context outside of FAST in the current Larry> document. Since fast provides KDC verification in most Larry> cases, I suspect that was why it confuses the reader why Larry> the flag is needed at all. You brought up the cases where Larry> FAST does not provide KDC verification itself, and in those Larry> cases, I agree how to mark the KDC verification flag would Larry> be implementation specific. Perhaps we can merge the text Larry> you provide as an implementation note in the next revision Larry> if the working group thinks it is helpful to do so. My personal preference is not to get into that level of implementation detail. 
_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 12 12:50:28 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3E51D3A6826 for ; Fri, 12 Jun 2009 12:50:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.449 X-Spam-Level: X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZX-d3+mtLK2r for ; Fri, 12 Jun 2009 12:50:27 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 2F8BC3A67E1 for ; Fri, 12 Jun 2009 12:50:27 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 766488F; Fri, 12 Jun 2009 14:50:35 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 95FD698; Fri, 12 Jun 2009 14:50:33 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5C7D280E08; Fri, 12 Jun 2009 14:50:33 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 6700D80E07 for ; Fri, 12 Jun 2009 14:50:31 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 586A58C; Fri, 12 Jun 2009 14:50:31 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 53B108F for ; Fri, 12 
Jun 2009 14:50:31 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 4E6B18C for ; Fri, 12 Jun 2009 14:50:31 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 387937CC108; Fri, 12 Jun 2009 14:50:31 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03357-10; Fri, 12 Jun 2009 14:50:31 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 1A40B7CC0D7 for ; Fri, 12 Jun 2009 14:50:31 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AhEBAINOMkqAlYtplGdsb2JhbACYQwEBAQEJCwgJEwS4RIQLBYha X-IronPort-AV: E=Sophos;i="4.42,211,1243832400"; d="scan'208";a="27985068" Received: from sentrion1.jpl.nasa.gov (HELO mail.jpl.nasa.gov) ([128.149.139.105]) by mailgateway.anl.gov with ESMTP; 12 Jun 2009 14:50:30 -0500 Received: from mail.jpl.nasa.gov (ums-smtp.jpl.nasa.gov [128.149.137.72]) by mail.jpl.nasa.gov (Switch-3.3.3mp/Switch-3.3.2mp) with ESMTP id n5CJoT69004481 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified FAIL); Fri, 12 Jun 2009 19:50:29 GMT Received: from laphotz.jpl.nasa.gov (128.149.137.114) by ums-smtp.jpl.nasa.gov (128.149.137.72) with Microsoft SMTP Server (TLS) id 8.1.358.0; Fri, 12 Jun 2009 12:50:29 -0700 Message-ID: From: "Henry B. 
Hotz" To: Jeffrey Hutzelman In-Reply-To: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> MIME-Version: 1.0 (Apple Message framework v935.3) Date: Fri, 12 Jun 2009 12:50:28 -0700 References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> X-Mailer: Apple Mail (2.935.3) X-Source-IP: ums-smtp.jpl.nasa.gov [128.149.137.72] X-Source-Sender: hotz@jpl.nasa.gov X-AUTH: Authorized X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@anl.gov" Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Jun 12, 2009, at 9:24 AM, Jeffrey Hutzelman wrote: > This note announces the start of a two-week last call within the > Kerberos > Working Group on whether to send the following document to the IESG: > > Title: A Generalized Framework for Kerberos Pre- > Authentication > Filename: draft-ietf-krb-wg-preauth-framework-12.txt > Intended Status: Proposed Standard --- > Please review this document and send any comments to the Kerberos > Working > Group mailing list, , by that date. The file > can be > obtained via > > http://www.ietf.org/internet-drafts/draft-draft-ietf-krb-wg-preauth-framework-12.txt Seems to be a bad link. Google says: http://tools.ietf.org/id/draft-ietf-krb-wg-preauth-framework-12.txt ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. 
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 12 13:07:00 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 18EC73A6826 for ; Fri, 12 Jun 2009 13:07:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.17 X-Spam-Level: X-Spam-Status: No, score=-3.17 tagged_above=-999 required=5 tests=[AWL=-0.571, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GzmKbCvQx1qW for ; Fri, 12 Jun 2009 13:06:58 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 25FBB3A681D for ; Fri, 12 Jun 2009 13:06:58 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 783C0A3; Fri, 12 Jun 2009 15:07:06 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 299019F; Fri, 12 Jun 2009 15:07:05 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D42BD80E08; Fri, 12 Jun 2009 15:07:05 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id AACB980E07 for ; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id A58F688; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov 
(Postfix) with ESMTP id A0AFC8C for ; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 9BD6088 for ; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 833437CC09D; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06450-06; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 62C9F7CC06F for ; Fri, 12 Jun 2009 15:07:03 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgECAAZSMkqAAskQhWdsb2JhbACYQwEBAQoLChoFqVCGMohRhAsF X-IronPort-AV: E=Sophos;i="4.42,211,1243832400"; d="scan'208";a="27985666" Received: from jackfruit.srv.cs.cmu.edu ([128.2.201.16]) by mailgateway.anl.gov with ESMTP; 12 Jun 2009 15:07:03 -0500 Received: from [192.168.1.113] (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n5CK71pR019055 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 12 Jun 2009 16:07:01 -0400 (EDT) Date: Fri, 12 Jun 2009 16:07:00 -0400 From: Jeffrey Hutzelman To: "Henry B. Hotz" Message-ID: In-Reply-To: References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.201.16 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov, jhutz@cmu.edu Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov --On Friday, June 12, 2009 12:50:28 PM -0700 "Henry B. Hotz" wrote: >> http://www.ietf.org/internet-drafts/draft-draft-ietf-krb-wg-preauth-fram >> ework-12.txt > > > Seems to be a bad link. Google says: > http://tools.ietf.org/id/draft-ietf-krb-wg-preauth-framework-12.txt Thanks for noticing this. The link I posted works, if you take out the extra "draft-". -- Jeff _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 15 06:22:12 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A75073A6CD8 for ; Mon, 15 Jun 2009 06:22:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.585 X-Spam-Level: X-Spam-Status: No, score=-2.585 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O1wZs9Qyg6nf for ; Mon, 15 Jun 2009 06:22:11 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id AE31D3A6A28 for ; Mon, 15 Jun 2009 06:22:11 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 105E190; Mon, 15 Jun 2009 08:22:13 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id A82A462; Mon, 15 Jun 2009 08:22:08 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 6E0D680E07; Mon, 15 Jun 2009 08:22:08 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 7BEA380E05 for ; Mon, 15 Jun 2009 08:22:06 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 7605210; Mon, 15 Jun 2009 08:22:06 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 71A6B62 for ; Mon, 15 Jun 2009 08:22:06 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by
mailhost.anl.gov (Postfix) with ESMTP id 6D13110 for ; Mon, 15 Jun 2009 08:22:06 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id E165F7CC0A6; Mon, 15 Jun 2009 08:22:05 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22495-01; Mon, 15 Jun 2009 08:22:05 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 78E817CC0BE for ; Mon, 15 Jun 2009 08:22:04 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkcFAJvnNUpT8bEngWdsb2JhbACBT5Z4AQEWJLsphA0FiFs X-IronPort-AV: E=Sophos;i="4.42,222,1243832400"; d="scan'208";a="28026769" Received: from yxa-v.extundo.com ([83.241.177.39]) by mailgateway.anl.gov with ESMTP; 15 Jun 2009 08:22:02 -0500 Received: from mocca.josefsson.org (c80-216-24-60.bredband.comhem.se [80.216.24.60]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5FDLuUI002793 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 15 Jun 2009 15:21:58 +0200 From: Simon Josefsson To: Jeffrey Hutzelman References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090615:ietf-krb-wg@anl.gov::ufmpTrumWvUIQ77i:0Qto X-Hashcash: 1:22:090615:jhutz@cmu.edu::Bl+MwcnsLSv4Uo9h:GOlH Date: Mon, 15 Jun 2009 15:21:56 +0200 In-Reply-To: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> (Jeffrey Hutzelman's message of "Fri, 12 Jun 2009 12:24:18 -0400") Message-ID: <87ws7dmy2z.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 
Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Jeffrey Hutzelman writes: > This note announces the start of a two-week last call within the Kerberos > Working Group on whether to send the following document to the IESG: > > Title: A Generalized Framework for Kerberos Pre-Authentication > Filename: draft-ietf-krb-wg-preauth-framework-12.txt > Intended Status: Proposed Standard My question about intended status of FAST and STARTTLS is still unanswered: https://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007674.html As far as I understood the discussion at IETF 73 the intention then was to move forward both as Experimental. I would prefer to move forward both as Proposed Standard, but can live with Experimental. The arguments that FAST and STARTTLS are exclusive haven't been convincing to me, thus I think both has merit. 
/Simon _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From pablo.scheimbergd@aerofarmalab.com.ar Mon Jun 15 09:02:38 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B91EB28C176 for ; Mon, 15 Jun 2009 09:02:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.445 X-Spam-Level: X-Spam-Status: No, score=-5.445 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SBL=20, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bcx6S8d6hcBy for ; Mon, 15 Jun 2009 09:02:38 -0700 (PDT) Received: from 133sh.com (unknown [95.170.246.16]) by core3.amsl.com (Postfix) with SMTP id 0795828C139 for ; Mon, 15 Jun 2009 09:02:36 -0700 (PDT) From: "Paul Barajas"@core3.amsl.com, krb-wg-archive@lists.ietf.org To: krb-wg-archive@lists.ietf.org Subject: Re: Order status 5084374420 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20090615160237.0795828C139@core3.amsl.com> Date: Mon, 15 Jun 2009 09:02:36 -0700 (PDT) This Week

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 15 11:32:53 2009
From: ghudson@MIT.EDU
To: ietf-krb-wg@anl.gov
Date: Mon, 15 Jun 2009 14:32:43 -0400 (EDT)
Subject: [Ietf-krb-wg] draft-ietf-krb-wg-preauth-framework-12 comments
Message-Id: <200906151832.n5FIWhF3024821@outgoing.mit.edu>

I have reviewed FAST draft 12. I have no new comments of interest, except for an editorial comment regarding section 1:

  FAST provides a protected channel between the client and the KDC, and it can optionally deliver a reply key within the protected channel.

This should perhaps say "strengthen the" instead of "deliver a" to reflect the change to use a strengthening key in section 6.5.3.

On March 23 I submitted some editorial comments privately to the authors. Most have not been addressed; they are:

* Section 3.2: KDC_ERR_MORE_PREAUTH_DATA_NEEDED is gratuitously inconsistent with KDC_ERR_PREAUTH_REQUIRED ("needed" and "required" having the same English meaning).

* Section 5: "protected against authentication" doesn't make any sense; perhaps "protected against alteration" was intended.

* Section 6.1: The definition of KRB-FX-CF2 is inconsistent in its use of "->" notation.

* Section 6.3: "and not including a cooking" should say "cookie".

* Section 6.4: PA-AUTHENTICATION-SET and PA-AUTH-SET-SELECTED are gratuitously inconsistent in whether they abbreviate the word "authentication".

* Section 6.5.6: run-on sentence: "The client sends a padata of type PA-ENCRYPTED-CHALLENGE the corresponding padata-value...".

* The name "encrypted challenge" is confusing to me since no challenge is involved. Both sides prove knowledge of a key derived from the armor and long-term keys by encrypting timestamps; when I saw the word "challenge" I was expecting something more along the lines of the KDC asking the client to encrypt a specified nonce. I have no issue with the semantics of the mechanism, only its name.

It is probably too late to fix the naming inconsistency problems without pain, but the other editorial notes could be addressed easily.
From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 15 12:52:52 2009
From: Sam Hartman
To: ghudson@MIT.EDU
Cc: ietf-krb-wg@anl.gov
Date: Mon, 15 Jun 2009 15:52:32 -0400
Subject: Re: [Ietf-krb-wg] draft-ietf-krb-wg-preauth-framework-12 comments
In-Reply-To: <200906151832.n5FIWhF3024821@outgoing.mit.edu> (ghudson@mit.edu's message of "Mon\, 15 Jun 2009 14\:32\:43 -0400 \(EDT\)")

Sorry about dropping the ball on your editorial comments. In general I agree with your proposed changes except:

  * Section 3.2: KDC_ERR_MORE_PREAUTH_DATA_NEEDED is gratuitously inconsistent with KDC_ERR_PREAUTH_REQUIRED ("needed" and "required" having the same English meaning).

I personally don't see a problem here but am happy to make the change. If people do like the current text they should speak up.

  * The name "encrypted challenge" is confusing to me since no challenge is involved. Both sides prove knowledge of a key derived from the armor and long-term keys by encrypting timestamps; when I saw the word "challenge" I was expecting something more along the lines of the KDC asking the client to encrypt a specified nonce. I have no issue with the semantics of the mechanism, only its name.

I agree encrypted challenge is not a great name for this mechanism, but don't have a better one, and don't think this is worth fixing at this point. Using challenge rather than timestamp refers to the fact that the data encrypted need not be the current time. If the client is too far off, then the KDC will send a skew error that the client can use to update its idea of what the KDC wants.

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 15 13:13:59 2009
From: Larry Zhu
To: Sam Hartman, "ghudson@MIT.EDU"
Cc: "ietf-krb-wg@anl.gov"
Date: Mon, 15 Jun 2009 20:08:01 +0000
Subject: Re: [Ietf-krb-wg] draft-ietf-krb-wg-preauth-framework-12 comments
References: <200906151832.n5FIWhF3024821@outgoing.mit.edu>

>> Greg wrote:
>>* Section 3.2: KDC_ERR_MORE_PREAUTH_DATA_NEEDED is gratuitously
>> inconsistent with KDC_ERR_PREAUTH_REQUIRED ("needed" and "required"
>> having the same English meaning).

Sam wrote:
> I personally don't see a problem here but am happy to make the change.
> If people do like the current text they should speak up.

Same here. I do not see why we need to make a change for this, but I do not object to changing the symbolic name of this error code to say KDC_ERR_MORE_PREAUTH_DATA_REQUIRED, if that makes it easier to understand and if it is more self-consistent.

--Larry

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 15 13:20:56 2009
From: Larry Zhu
To: Sam Hartman, "ghudson@MIT.EDU"
Cc: "ietf-krb-wg@anl.gov"
Date: Mon, 15 Jun 2009 20:20:17 +0000
Subject: Re: [Ietf-krb-wg] draft-ietf-krb-wg-preauth-framework-12 comments
References: <200906151832.n5FIWhF3024821@outgoing.mit.edu>

ghudson wrote:
>* The name "encrypted challenge" is confusing to me since no challenge
> is involved.
Both sides prove knowledge of a key derived from the > armor and long-term keys by encrypting timestamps; when I saw the > word "challenge" was expecting something more along the lines of the > KDC asking the client to encrypt a specified nonce. I have no issue > with the semantics of the mechanism, only its name. Sam Hartman wrote: > I agree encrypted challenge is not a great name for this mechanism, > but don't have a better one, and don't think this is worth fixing at > this point. Using challenge rather than timestamp refers to the fact > that the data encrypted need not be the current time. If the client > is too far off, then the KDC will send a skew error that the client > can use to update its idea of what the KDC wants. It might be helpful to explain this so the naming makes sense, i.e. why the word "challenge" is used instead of "timestamp" because it is not really a time stamp from the client's perspective. This fast factor essentially relaxes the loose-clock-synchronization requirement for the Kerberos client. The exact aspect is in practice done in the implementation, but this is the attempt to make it clear in the specification based on the deployment experience. --Larry -----Original Message----- From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Sam Hartman Sent: Monday, June 15, 2009 12:53 PM To: ghudson@MIT.EDU Cc: ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] draft-ietf-krb-wg-preauth-framework-12 comments Sorry about dropping the ball on your editorial comments. In general I agree with your proposed changes except: * Section 3.2: KDC_ERR_MORE_PREAUTH_DATA_NEEDED is gratuitously inconsistent with KDC_ERR_PREAUTH_REQUIRED ("needed" and "required" having the same English meaning). I personally don't see a problem here but am happy to make the change. If people do like the current text they should speak up. * The name "encrypted challenge" is confusing to me since no challenge is involved. 
Both sides prove knowledge of a key derived from the armor and long-term keys by encrypting timestamps; when I saw the word "challenge" was expecting something more along the lines of the KDC asking the client to encrypt a specified nonce. I have no issue with the semantics of the mechanism, only its name. I agree encrypted challenge is not a great name for this mechanism, but don't have a better one, and don't think this is worth fixing at this point. Using challenge rather than timestamp refers to the fact that the data encrypted need not be the current time. If the client is too far off, then the KDC will send a skew error that the client can use to update its idea of what the KDC wants. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 15 13:45:31 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2ED493A68E7 for ; Mon, 15 Jun 2009 13:45:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.544 X-Spam-Level: X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nZrPA9++6fqM for ; Mon, 15 Jun 2009 13:45:30 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 381EF3A6947 for ; Mon, 15 Jun 2009 13:45:30 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 7A7F33E; 
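
The exchange discussed in the messages above, as an added sketch that is not from the draft or from any list participant: the client's "challenge" is its estimate of KDC time, a skew error lets it re-aim, and the KDC answers with its own proof. The HMAC-based `seal` and `derive_key` helpers, the key labels, the 300-second window, the trusted skew error and the sample keys and time are assumptions standing in for Kerberos encryption and the draft's key derivation.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # seconds of skew the KDC tolerates (assumed policy value)


def derive_key(armor_key, long_term_key, label):
    """Stand-in derivation: a key that needs BOTH the armor and long-term keys."""
    inner = hmac.new(armor_key, label, hashlib.sha256).digest()
    return hmac.new(long_term_key, inner, hashlib.sha256).digest()


def seal(key, timestamp):
    """Stand-in for Kerberos encryption: timestamp plus a MAC proving knowledge of key."""
    body = struct.pack(">Q", timestamp)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the timestamp, or None if blob was not produced with key."""
    if len(blob) != 40:
        return None
    body, tag = blob[:8], blob[8:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return struct.unpack(">Q", body)[0]


class Kdc:
    def __init__(self, armor_key, long_term_key, clock):
        # Separate keys per direction so a client blob cannot be reflected back.
        self.client_key = derive_key(armor_key, long_term_key, b"client-challenge")
        self.kdc_key = derive_key(armor_key, long_term_key, b"kdc-challenge")
        self.clock = clock

    def handle(self, challenge):
        value = unseal(self.client_key, challenge)
        if value is None:
            return {"status": "preauth-failed"}      # wrong key: no time hint given
        now = self.clock()
        if abs(now - value) > MAX_SKEW:
            # Skew error: tells the client what time the KDC wants to see.
            return {"status": "skew", "kdc_time": now}
        return {"status": "ok", "kdc_proof": seal(self.kdc_key, now)}


class Client:
    def __init__(self, armor_key, long_term_key, clock):
        self.client_key = derive_key(armor_key, long_term_key, b"client-challenge")
        self.kdc_key = derive_key(armor_key, long_term_key, b"kdc-challenge")
        self.clock = clock
        self.offset = 0  # correction learned from a skew error

    def authenticate(self, kdc, max_tries=2):
        log = []
        for _ in range(max_tries):
            # Not "the current time": the client's idea of what the KDC wants.
            value = self.clock() + self.offset
            reply = kdc.handle(seal(self.client_key, value))
            log.append(reply["status"])
            if reply["status"] == "skew":
                # Assumption: the error is protected by the armor, so kdc_time is trusted.
                self.offset = reply["kdc_time"] - self.clock()
                continue
            if reply["status"] == "ok":
                proof = unseal(self.kdc_key, reply["kdc_proof"])
                fresh = proof is not None and abs(proof - value) <= MAX_SKEW
                log.append("kdc-verified" if fresh else "kdc-proof-invalid")
            break
        return log


KDC_NOW = 1245097200                      # constructed sample time
ARMOR = b"sample-armor-key"               # constructed sample keys
LONG_TERM = b"sample-long-term-key"


def demo():
    kdc = Kdc(ARMOR, LONG_TERM, lambda: KDC_NOW)
    slow = Client(ARMOR, LONG_TERM, lambda: KDC_NOW - 1200)   # 20 minutes behind
    synced = Client(ARMOR, LONG_TERM, lambda: KDC_NOW + 30)
    wrong = Client(ARMOR, b"guessed-long-term-key", lambda: KDC_NOW)
    return {
        "slow": slow.authenticate(kdc),
        "slow_offset": slow.offset,
        "synced": synced.authenticate(kdc),
        "wrong_key": wrong.authenticate(kdc),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```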

From: Sam Hartman
To: Larry Zhu
Cc: "ietf-krb-wg@anl.gov", Sam Hartman
Date: Mon, 15 Jun 2009 16:45:06 -0400
Subject: Re: [Ietf-krb-wg] draft-ietf-krb-wg-preauth-framework-12 comments
References: <200906151832.n5FIWhF3024821@outgoing.mit.edu>
In-Reply-To: (Larry Zhu's message of "Mon\, 15 Jun 2009 20\:20\:17 +0000")

I'm happy to add an explanation.

--Sam

From: "Henry B. Hotz"
To: Simon Josefsson
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Date: Mon, 15 Jun 2009 16:48:25 -0700
Subject: [Ietf-krb-wg] STARTTLS (was preauth-framework-12)
In-Reply-To: <87ws7dmy2z.fsf@mocca.josefsson.org>
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org>

I think I said back then that I supported publishing STARTTLS (as experimental, if it helps) as expeditiously as possible.

Perhaps I mis-remember, but I thought the intent was to do both FAST and STARTTLS as experimental and promote one or both to standard status at a later date. If that wasn't the intent, let me propose it as a compromise.

On Jun 15, 2009, at 6:21 AM, Simon Josefsson wrote:

> My question about intended status of FAST and STARTTLS is still
> unanswered:
>
> https://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007674.html
>
> As far as I understood the discussion at IETF 73 the intention then was
> to move forward both as Experimental. I would prefer to move forward
> both as Proposed Standard, but can live with Experimental. The
> arguments that FAST and STARTTLS are exclusive haven't been convincing
> to me, thus I think both has merit.
>
> /Simon

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From: Nicolas Williams
To: "Henry B. Hotz"
Cc: Simon Josefsson, Jeffrey Hutzelman, "ietf-krb-wg@anl.gov"
Date: Mon, 15 Jun 2009 18:53:33 -0500
Subject: Re: [Ietf-krb-wg] STARTTLS (was preauth-framework-12)
Message-ID: <20090615235333.GI1308@Sun.COM>
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org>

On Mon, Jun 15, 2009 at 04:48:25PM -0700, Henry B. Hotz wrote:
> I think I said back then that I supported publishing STARTTLS (as
> experimental, if it helps) as expeditiously as possible.
>
> Perhaps I mis-remember, but I thought the intent was to do both FAST
> and STARTTLS as experimental and promote one or both to standard
> status at a later date. If that wasn't the intent, let me propose it
> as a compromise.

FAST has much more functionality, such as using host creds to protect PA-ENC-TIMESTAMP, PA-ENC-TIMESTAMP with channel binding to anon-anon and anon-not-anon DH PKINIT. The Start-tls proposal does not. Ergo I will support FAST for the Standards-Track.

I don't mind if Start-tls goes on the Standards-Track or not; as long as you use server certs to authenticate the KDC I think Start-tls is sufficiently good to be on the Standards-Track, even though it lacks important features.

From: Larry Zhu
To: "Henry B. Hotz", Simon Josefsson
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Date: Tue, 16 Jun 2009 00:07:50 +0000
Subject: Re: [Ietf-krb-wg] STARTTLS (was preauth-framework-12)
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org>

It is clear that we need to a solution on the standards tracks. There is no consensus to put starttls on the standards tracks. However FAST has always been on the standards track on the get-go. The set of features offered by the two documents are sufficiently different that we should consider the two and the status of each independently.

--Larry

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Henry B. Hotz
Sent: Monday, June 15, 2009 4:48 PM
To: Simon Josefsson
Cc: ietf-krb-wg@anl.gov; Jeffrey Hutzelman
Subject: [Ietf-krb-wg] STARTTLS (was preauth-framework-12)

I think I said back then that I supported publishing STARTTLS (as experimental, if it helps) as expeditiously as possible.

Perhaps I mis-remember, but I thought the intent was to do both FAST and STARTTLS as experimental and promote one or both to standard status at a later date. If that wasn't the intent, let me propose it as a compromise.

On Jun 15, 2009, at 6:21 AM, Simon Josefsson wrote:

> My question about intended status of FAST and STARTTLS is still
> unanswered:
>
> https://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007674.html
>
> As far as I understood the discussion at IETF 73 the intention then was
> to move forward both as Experimental. I would prefer to move forward
> both as Proposed Standard, but can live with Experimental. The
> arguments that FAST and STARTTLS are exclusive haven't been convincing
> to me, thus I think both has merit.
>
> /Simon

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From: Simon Josefsson
To: Larry Zhu
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Date: Tue, 16 Jun 2009 08:29:47 +0200
Subject: Re: [Ietf-krb-wg] STARTTLS
Message-ID: <87ocsolmhw.fsf@mocca.josefsson.org>
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org>
In-Reply-To: (Larry Zhu's message of "Tue, 16 Jun 2009 00:07:50 +0000")
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt

Larry Zhu writes:

> It is clear that we need to a solution on the standards tracks. There
> is no consensus to put starttls on the standards tracks.

There was consensus to add starttls to the WG charter. There were no indication at the time that publication would not use standards track, since that is the typical status for standards published by WGs.

> However FAST has always been on the standards track on the get-go.

Can you point to a reference? As far as I can tell, both starttls and fast have the same amount of support in the WG charter.

> The set of features offered by the two documents are sufficiently
> different that we should consider the two and the status of each
> independently.

I'm fine with that, but as far as I understand the assumption before was the opposite (hence the efforts to compare the two proposals).

/Simon

> --Larry
>
> -----Original Message----- From: ietf-krb-wg-bounces@lists.anl.gov
> [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Henry B. Hotz
> Sent: Monday, June 15, 2009 4:48 PM To: Simon Josefsson Cc:
> ietf-krb-wg@anl.gov; Jeffrey Hutzelman Subject: [Ietf-krb-wg] STARTTLS
> (was preauth-framework-12)
>
> I think I said back then that I supported publishing STARTTLS (as
> experimental, if it helps) as expeditiously as possible.
>
> Perhaps I mis-remember, but I thought the intent was to do both FAST
> and STARTTLS as experimental and promote one or both to standard
> status at a later date. If that wasn't the intent, let me propose it
> as a compromise.
>
> On Jun 15, 2009, at 6:21 AM, Simon Josefsson wrote:
>
>> My question about intended status of FAST and STARTTLS is still
>> unanswered:
>> https://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007674.html
>> As far as I understood the discussion at IETF 73 the intention then
>> was to move forward both as Experimental. I would prefer to move
>> forward both as Proposed Standard, but can live with Experimental.
>> The arguments that FAST and STARTTLS are exclusive haven't been
>> convincing to me, thus I think both has merit.
>> /Simon
>
> ------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
[130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id C704D80E01 for ; Tue, 16 Jun 2009 01:34:19 -0500 (CDT)
From: Simon Josefsson
To: Nicolas Williams
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS
Date: Tue, 16 Jun 2009 08:34:13 +0200
Message-ID: <87k53clmai.fsf@mocca.josefsson.org>
In-Reply-To: <20090615235333.GI1308@Sun.COM> (Nicolas Williams's message of "Mon, 15 Jun 2009 18:53:33 -0500")
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org> <20090615235333.GI1308@Sun.COM>

Nicolas Williams writes:

> On Mon, Jun 15, 2009 at 04:48:25PM -0700, Henry B. Hotz wrote:
>> I think I said back then that I supported publishing STARTTLS (as
>> experimental, if it helps) as expeditiously as possible.
>>
>> Perhaps I mis-remember, but I thought the intent was to do both FAST
>> and STARTTLS as experimental and promote one or both to standard
>> status at a later date. If that wasn't the intent, let me propose it
>> as a compromise.
>
> FAST has much more functionality, such as using host creds to protect
> PA-ENC-TIMESTAMP, PA-ENC-TIMESTAMP with channel binding to anon-anon and
> anon-not-anon DH PKINIT. The Start-tls proposal does not. Ergo I will
> support FAST for the Standards-Track.

As far as I can tell, that is supported by
draft-josefsson-krb5starttls-bootstrap.

> I don't mind if Start-tls goes on the Standards-Track or not; as long as
> you use server certs to authenticate the KDC I think Start-tls is
> sufficiently good to be on the Standards-Track, even though it lacks
> important features.

The document has explicitly allowed use of server certs since 2004.
What other features are you thinking of?

/Simon

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 00:00:22 2009
Received: from mailhost.anl.gov
(mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id B9DC280E01 for ; Tue, 16 Jun 2009 01:59:42 -0500 (CDT)
From: Larry Zhu
To: Simon Josefsson
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS
Date: Tue, 16 Jun 2009 06:59:38 +0000
In-Reply-To: <87ocsolmhw.fsf@mocca.josefsson.org>
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org> <87ocsolmhw.fsf@mocca.josefsson.org>

Simon Josefsson wrote:

>There was consensus to add starttls to the WG charter. There were no
>indication at the time that publication would not use standards track,
>since that is the typical status for standards published by WGs.

This wg also produces informational documents.

>Can you point to a reference? As far as I can tell, both starttls and
>fast have the same amount of support in the WG charter

The most recent one is here:
https://lists.anl.gov/pipermail/ietf-krb-wg/2009-June/007714.html
note that the last call document status is "standards track".

> I'm fine with that, but as far as I understand the assumption before was
> the opposite (hence the efforts to compare the two proposals).

We ought not to have two solutions for the same thing.

Do you think you or anyone else can volunteer to update starttls to
match the feature set in fast?

If starttls cannot solve critical problems such as auth factor chaining,
channel bindings, allowing anonymous channels etc, it should be
reasonable to assume that starttls should retire as experimental.

Thanks for the push! You can continue to present the case where starttls
has its own use cases, therefore to keep it progressing toward the
standard tracks go forward.

--Larry

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Simon Josefsson
Sent: Monday, June 15, 2009 11:30 PM
To: Larry Zhu
Cc: ietf-krb-wg@anl.gov; Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS

Larry Zhu writes:

> It is clear that we need to a solution on the standards tracks. There
> is no consensus to put starttls on the standards tracks.

There was consensus to add starttls to the WG charter. There were no
indication at the time that publication would not use standards track,
since that is the typical status for standards published by WGs.

> However FAST has always been on the standards track on the get-go.

Can you point to a reference? As far as I can tell, both starttls and
fast have the same amount of support in the WG charter.

> The set of features offered by the two documents are sufficiently
> different that we should consider the two and the status of each
> independently.

I'm fine with that, but as far as I understand the assumption before was
the opposite (hence the efforts to compare the two proposals).

/Simon

> --Larry
>
> -----Original Message----- From: ietf-krb-wg-bounces@lists.anl.gov
> [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Henry B. Hotz
> Sent: Monday, June 15, 2009 4:48 PM To: Simon Josefsson Cc:
> ietf-krb-wg@anl.gov; Jeffrey Hutzelman Subject: [Ietf-krb-wg] STARTTLS
> (was preauth-framework-12)
>
> I think I said back then that I supported publishing STARTTLS (as
> experimental, if it helps) as expeditiously as possible.
>
> Perhaps I mis-remember, but I thought the intent was to do both FAST
> and STARTTLS as experimental and promote one or both to standard
> status at a later date. If that wasn't the intent, let me propose it
> as a compromise.
>
> On Jun 15, 2009, at 6:21 AM, Simon Josefsson wrote:
>
>> My question about intended status of FAST and STARTTLS is still
>> unanswered:
>> https://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007674.html
>> As far as I understood the discussion at IETF 73 the intention then
>> was to move forward both as Experimental. I would prefer to move
>> forward both as Proposed Standard, but can live with Experimental.
>> The arguments that FAST and STARTTLS are exclusive haven't been
>> convincing to me, thus I think both has merit.
>> /Simon
>
> ------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 00:18:04 2009
From: Simon Josefsson
To: Larry Zhu
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS
Date: Tue, 16 Jun 2009 09:16:56 +0200
Message-ID: <87ocsok5qv.fsf@mocca.josefsson.org>
In-Reply-To: (Larry Zhu's message of "Tue, 16 Jun 2009 06:59:38 +0000")
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org> <87ocsolmhw.fsf@mocca.josefsson.org>

Larry Zhu writes:

>>> However FAST has always been on the standards track on the get-go.
>>Can you point to a reference? As far as I can tell, both starttls and
>>fast have the same amount of support in the WG charter
>
> The most recent one is here:
> https://lists.anl.gov/pipermail/ietf-krb-wg/2009-June/007714.html
> note that the last call document status is "standards track".

As far as I can tell, that is a call for consensus and not declaration
of consensus.

>>>The set of features offered by the two documents are sufficiently
>>>different that we should consider the two and the status of each
>>>independently.
>> I'm fine with that, but as far as I understand the assumption before was
>> the opposite (hence the efforts to compare the two proposals).
>
> We ought not to have two solutions for the same thing.

I agree. I don't think FAST and STARTTLS are the same thing. It seemed
you agree with that in the quoted text above, where you asserted that
the features are different.

> Do you think you or anyone else can volunteer to update starttls to
> match the feature set in fast?

I have posted
http://tools.ietf.org/html/draft-josefsson-krb5starttls-bootstrap-02
to address some of the feature requests.

However, if you believe we should not have two solutions for the same
thing, it seems pointless to make krb5starttls provide the same features
as FAST?

> If starttls cannot solve critical problems such as auth factor
> chaining, channel bindings, allowing anonymous channels etc, it should
> be reasonable to assume that starttls should retire as
> experimental.

Doesn't FAST solve those issues? Krb5starttls can be used together with
FAST. Krb5starttls provides features that FAST doesn't.

You CAN use krb5starttls to implement some if not all of the features
provided by FAST, and some are described by
draft-josefsson-krb5starttls-bootstrap-02. But it isn't clear if that
is a good idea or not. You appear to be saying that it isn't a good
idea, but also ask that it should be done.

> Thanks for the push! You can continue to present the case where
> starttls has its own use cases, therefore to keep it progressing
> toward the standard tracks go forward.

The case for STARTTLS is described in the document, and includes OpenPGP
authentication against KDCs. FAST does not support that as far as I can
tell, and that is one of the driving reasons for krb5starttls.

/Simon

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 00:38:01 2009
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP
id 6FE62F8; Tue, 16 Jun 2009 02:37:04 -0500 (CDT)
From: Larry Zhu
To: Simon Josefsson
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS
Date: Tue, 16 Jun 2009 07:36:58 +0000
In-Reply-To: <87ocsok5qv.fsf@mocca.josefsson.org>
References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org> <87ocsolmhw.fsf@mocca.josefsson.org> <87ocsok5qv.fsf@mocca.josefsson.org>

Simon Josefsson wrote:

> As far as I can tell, that is a call for consensus and not declaration
> of consensus.

It is not worth quibbling on this though it should be obvious that the
intention is to last call a proposed standard document.

> I agree. I don't think FAST and STARTTLS is the same thing. It seemed
>you agree with that in the quoted text above, where you asserted that
> the features are different.

Right, but let's emphasize the difference, not the other way around.

> However, if you believe we should not have two solutions for the same
> thing, it seems pointless to make krb5starttls provide the same features
> as FAST?

Agreed. Going forward it is more productive for starttls to complement
FAST, not to compete for the overlapped use cases. If there were a
window of opportunities to do the latter, but that window seems to
either have closed already or is closing rapidly.

>Doesn't FAST solve those issues? Krb5starttls can be used together with
>FAST. Krb5starttls provides features that FAST doesn't.

How do we justify the cost of deploying starttls? We need to be able to
understand the benefits of doing so when we already have fast.

>You CAN use krb5starttls to implement some if not all of features
>provided by FAST, and some are described by
>draft-josefsson-krb5starttls-bootstrap-02. But it isn't clear if that
>is a good idea or not. You appear to be saying that it isn't a good
>idea, but also ask that it should be done.

I think it is moot to duplicate the features. This WG needs to build
solutions to the deployment problems and we should avoid creating
marketing confusions. The situation now is that we have one that is
ready so the choice is clear.

> The case for STARTTLS is described in the document, and includes OpenPGP
> authentication against KDCs. FAST does not support that as far as I can
>tell, and that is one of the driving reasons for krb5starttls.

It does not seem compelling though. One can use PKINIT and self-signed
certificates to achieve the same effect.

-----Original Message-----
From: Simon Josefsson [mailto:simon@josefsson.org]
Sent: Tuesday, June 16, 2009 12:17 AM
To: Larry Zhu
Cc: ietf-krb-wg@anl.gov; Jeffrey Hutzelman
Subject: Re: STARTTLS

Larry Zhu writes:

>>> However FAST has always been on the standards track on the get-go.
>>Can you point to a reference? As far as I can tell, both starttls and
>>fast have the same amount of support in the WG charter
>
> The most recent one is here:
> https://lists.anl.gov/pipermail/ietf-krb-wg/2009-June/007714.html
> note that the last call document status is "standards track".

As far as I can tell, that is a call for consensus and not declaration
of consensus.

>>>The set of features offered by the two documents are sufficiently
>>>different that we should consider the two and the status of each
>>>independently.
>> I'm fine with that, but as far as I understand the assumption before was
>> the opposite (hence the efforts to compare the two proposals).
>
> We ought not to have two solutions for the same thing.

I agree. I don't think FAST and STARTTLS is the same thing. It seemed
you agree with that in the quoted text above, where you asserted that
the features are different.

> Do you think you or anyone else can volunteer to update starttls to
> match the feature set in fast?

I have posted
http://tools.ietf.org/html/draft-josefsson-krb5starttls-bootstrap-02
to address some of the feature requests.

However, if you believe we should not have two solutions for the same
thing, it seems pointless to make krb5starttls provide the same features
as FAST?

> If starttls cannot solve critical problems such as auth factor
> chaining, channel bindings, allowing anonymous channels etc, it should
> be reasonable to assume that starttls should retire as
> experimental.

Doesn't FAST solve those issues? Krb5starttls can be used together with
FAST. Krb5starttls provides features that FAST doesn't.

You CAN use krb5starttls to implement some if not all of features
provided by FAST, and some are described by
draft-josefsson-krb5starttls-bootstrap-02. But it isn't clear if that
is a good idea or not. You appear to be saying that it isn't a good
idea, but also ask that it should be done.

> Thanks for the push! You can continue to present the case where
> starttls has its own use cases, therefore to keep it progressing
> toward the standard tracks go forward.

The case for STARTTLS is described in the document, and includes OpenPGP
authentication against KDCs. FAST does not support that as far as I can
tell, and that is one of the driving reasons for krb5starttls.

/Simon

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 00:45:47 2009
Received: from mailhost.anl.gov (mailhost.anl.gov
[130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id CC2BB80E01 for ; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id BD425F1; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id B868CF3 for ; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id B310AF1 for ; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 9D9037CC0D1; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12424-10; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 7FE0E7CC0CD for ; Tue, 16 Jun 2009 02:45:34 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Aj0EAJfqNkpT8bEngWdsb2JhbACBT5cCAQEWJLlphA0F X-IronPort-AV: E=Sophos;i="4.42,227,1243832400"; d="scan'208";a="28062719" Received: from yxa-v.extundo.com ([83.241.177.39]) by mailgateway.anl.gov with ESMTP; 16 Jun 2009 02:45:33 -0500 Received: from mocca.josefsson.org (c80-216-24-60.bredband.comhem.se [80.216.24.60]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5G7jUUs029196 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 16 Jun 2009 09:45:32 +0200 From: Simon Josefsson To: Larry Zhu References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> <87ws7dmy2z.fsf@mocca.josefsson.org> <87ocsolmhw.fsf@mocca.josefsson.org> <87ocsok5qv.fsf@mocca.josefsson.org> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090616:ietf-krb-wg@anl.gov::K1voKZsJekW7JHYH:4wDk 
X-Hashcash: 1:22:090616:jhutz@cmu.edu::s8pwOkYwVAgcFHOh:FrtO X-Hashcash: 1:22:090616:lzhu@windows.microsoft.com::H7PVjnHNy2vg8GyU:FU4u Date: Tue, 16 Jun 2009 09:45:30 +0200 In-Reply-To: (Larry Zhu's message of "Tue, 16 Jun 2009 07:36:58 +0000") Message-ID: <877hzck4f9.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@anl.gov" , Jeffrey Hutzelman Subject: Re: [Ietf-krb-wg] STARTTLS X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Larry Zhu writes: >> The case for STARTTLS is described in the document, and includes OpenPGP >> authentication against KDCs. FAST does not support that as far as I can >>tell, and that is one of the driving reasons for krb5starttls. > > It does not seem compelling though. One can use PKINIT and self-signed > certificates to achieve the same effect. How would that work? The assumption is that the KDC has a list of trusted OpenPGP keys that maps to Kerberos usernames. I don't see how a KDC would be able to authenticate a self-signed certificate against the OpenPGP web of trust. 
/Simon

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 00:49:44 2009
From: Larry Zhu
To: Simon Josefsson
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Date: Tue, 16 Jun 2009 07:48:47 +0000
Subject: Re: [Ietf-krb-wg] STARTTLS

Simon wrote:

> How would that work? The assumption is that the KDC has a list of
> trusted OpenPGP keys that maps to Kerberos usernames. I don't see how a
> KDC would be able to authenticate a self-signed certificate against the
> OpenPGP web of trust.

I do not quite understand the use case here but then this could be an
opportunity for starttls to shine.

--Larry

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Simon Josefsson
Sent: Tuesday, June 16, 2009 12:46 AM
To: Larry Zhu
Cc: ietf-krb-wg@anl.gov; Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS

Larry Zhu writes:

>> The case for STARTTLS is described in the document, and includes OpenPGP
>> authentication against KDCs. FAST does not support that as far as I can
>> tell, and that is one of the driving reasons for krb5starttls.
>
> It does not seem compelling though. One can use PKINIT and self-signed
> certificates to achieve the same effect.

How would that work? The assumption is that the KDC has a list of
trusted OpenPGP keys that maps to Kerberos usernames. I don't see how a
KDC would be able to authenticate a self-signed certificate against the
OpenPGP web of trust.

/Simon

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 06:54:16 2009
From: Sam Hartman
To: Larry Zhu
Cc: Simon Josefsson, Jeffrey Hutzelman, "ietf-krb-wg@anl.gov"
Date: Tue, 16 Jun 2009 09:52:48 -0400
Subject: Re: [Ietf-krb-wg] STARTTLS

>>>>> "Larry" == Larry Zhu writes:

    Larry> It is clear that we need to a solution on the standards
    Larry> tracks. There is no consensus to put starttls on the
    Larry> standards tracks. However FAST has always been on the
    Larry> standards track on the get-go. The set of features offered
    Larry> by the two documents are sufficiently different that we
    Larry> should consider the two and the status of each
    Larry> independently.

I think Simon has the history more correct. I think we discussed moving
FAST from standards track to experimental either at Dublin or the IETF
before that. Since then FAST has gained significant implementation
experience and I believe spec clarity. As such, I support publishing
FAST on the standards track.

I'll admit that when I was evaluating starttls most recently, I was
considering it for the informational/experimental track. I'll have to
go back and read it for standards track.

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 08:29:22 2009
From: Sam Hartman
To: ietf-krb-wg@anl.gov
Date: Tue, 16 Jun 2009 11:28:41 -0400
Subject: [Ietf-krb-wg] starttls

I've reviewed the starttls draft again.

I support publication of the current version of the draft on the
informational or experimental track.

I would prefer that the pre-authentication framework and FAST be the
IETF's recommended approach for securing Kerberos going forward. I'm
not sure that we need two alternatives for this problem space and I
think that FAST provides a better solution than starttls. So, I do not
prefer to publish starttls on the standards track--don't count me as a
supporter. However I understand that my preference is an engineering
preference. Simon is using a different design esthetic in starttls and
I can easily understand why someone might prefer that esthetic.
Starttls is definitely a simpler document than the pre-authentication
framework.

I object to publishing the current version of starttls on the standards
track because of the certificate validation strategy. There is no
mandatory-to-implement certificate type. Rules are provided if X.509
certificates are used, but clients and KDCs are not required to
implement support for X.509 certificates and these rules. I fully
understand that some deployments do not lend themselves to certificate
validation. However I think at least KDCs need to have a
mandatory-to-implement certificate type and clients need to have a
mandatory-to-implement validation rule if they support validation at
all. If that were fixed, I'd be neutral on starttls on the standards
track.

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 09:18:01 2009
From: Sam Hartman
To: Simon Josefsson
Cc: Jeffrey Hutzelman, "ietf-krb-wg@anl.gov"
Date: Tue, 16 Jun 2009 11:40:22 -0400
Subject: Re: [Ietf-krb-wg] STARTTLS

>>>>> "Simon" == Simon Josefsson writes:

    >> Thanks for the push! You can continue to present the case where
    >> starttls has its own use cases, therefore to keep it
    >> progressing toward the standard tracks go forward.

    Simon> The case for STARTTLS is described in the document, and
    Simon> includes OpenPGP authentication against KDCs. FAST does
    Simon> not support that as far as I can tell, and that is one of
    Simon> the driving reasons for krb5starttls.

Simon, I see no text in the document that shows how you would use
starttls to provide client authentication to the KDC. If that is within
scope for the current draft, I probably have additional concerns
regarding spec clarity for standards track. If you are saying you could
build that on top of starttls but the current spec does not do so, I
agree.

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 11:44:14 2009
From: Larry Zhu
To: Sam Hartman, Simon Josefsson
Cc: "ietf-krb-wg@anl.gov", Jeffrey Hutzelman
Date: Tue, 16 Jun 2009 18:37:30 +0000
Subject: Re: [Ietf-krb-wg] STARTTLS

I would like to clarify that my recent comments on starttls are
opinions expressed as an individual.

-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
Sent: Tuesday, June 16, 2009 8:40 AM
To: Simon Josefsson
Cc: Larry Zhu; ietf-krb-wg@anl.gov; Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] STARTTLS

>>>>> "Simon" == Simon Josefsson writes:

    >> Thanks for the push! You can continue to present the case where
    >> starttls has its own use cases, therefore to keep it
    >> progressing toward the standard tracks go forward.

    Simon> The case for STARTTLS is described in the document, and
    Simon> includes OpenPGP authentication against KDCs. FAST does
    Simon> not support that as far as I can tell, and that is one of
    Simon> the driving reasons for krb5starttls.

Simon, I see no text in the document that shows how you would use
starttls to provide client authentication to the KDC. If that is within
scope for the current draft, I probably have additional concerns
regarding spec clarity for standards track. If you are saying you could
build that on top of starttls but the current spec does not do so, I
agree.
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 11:52:38 2009
From: Larry Zhu
To: "ietf-krb-wg@anl.gov"
Date: Tue, 16 Jun 2009 18:42:26 +0000
Subject: [Ietf-krb-wg] WGLC COMMENTS: Section 6.5.3. FAST Response

On top of page 32, there is an extra space "PA-FX- FAST-REPLY". This should be "PA-FX-FAST-REPLY".

--Larry

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 13:51:46 2009
To: ietf-krb-wg@anl.gov
From: Sam Hartman
Date: Tue, 16 Jun 2009 16:50:12 -0400
Subject: [Ietf-krb-wg] starttls

I've reviewed the starttls draft again. I support publication of the current version of the draft on the informational or experimental track.

I would prefer that the pre-authentication framework and FAST be the IETF's recommended approach for securing Kerberos going forward. I'm not sure that we need two alternatives for this problem space and I think that FAST provides a better solution than starttls. So, I do not prefer to publish starttls on the standards track--don't count me as a supporter.

However I understand that my preference is an engineering preference. Simon is using a different design esthetic in starttls and I can easily understand why someone might prefer that esthetic. Starttls is definitely a simpler document than the pre-authentication framework.

I object to publishing the current version of starttls on the standards track because of the certificate validation strategy. There is no mandatory-to-implement certificate type. Rules are provided if X.509 certificates are used, but clients and KDCs are not required to implement support for X.509 certificates and these rules. I fully understand that some deployments do not lend themselves to certificate validation. However I think at least KDCs need to have a mandatory to implement certificate type and clients need to have a mandatory-to-implement validation rule if they support validation at all.

If that were fixed, I'd be neutral on starttls on the standards track.

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 14:24:13 2009
From: Nicolas Williams
To: Sam Hartman
Cc: ietf-krb-wg@anl.gov
Date: Tue, 16 Jun 2009 16:12:49 -0500
Message-ID: <20090616211249.GV1308@Sun.COM>
Subject: Re: [Ietf-krb-wg] starttls

On Tue, Jun 16, 2009 at 04:50:12PM -0400, Sam Hartman wrote:
> However I understand that my preference is an engineering preference.
> Simon is using a different design esthetic in starttls and I can
> easily understand why someone might prefer that esthetic. Starttls
> is definitely a simpler document than the pre-authentication framework.

I, for example, prefer the starttls approach from an aesthetic point of view, and also, perhaps from a security analysis point of view (it's simpler to analyze Kerberos V pre-auth with channel binding to TLS + starttls than it is to analyze FAST, though conceptually the two are the same -- FAST just has more details to consider). However, I also prefer the FAST approach from a practical engineering point of view.

> I object to publishing the current version of starttls on the
> standards track because of the certificate validation strategy. There
> is no mandatory-to-implement certificate type. Rules are provided if
> X.509 certificates are used, but clients and KDCs are not required to
> implement support for X.509 certificates and these rules. I fully
> understand that some deployments do not lend themselves to certificate
> validation. However I think at least KDCs need to have a mandatory to
> implement certificate type and clients need to have a
> mandatory-to-implement validation rule if they support validation at
> all.
>
> If that were fixed, I'd be neutral on starttls on the standards track.

I agree with this too.

Nico

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 15:26:03 2009
From: Love Hörnquist Åstrand
To: Sam Hartman
Cc: ietf-krb-wg@anl.gov
Date: Tue, 16 Jun 2009 15:26:04 -0700
Subject: Re: [Ietf-krb-wg] starttls

On 16 Jun 2009, at 13:50, Sam Hartman wrote:

> However I understand that my preference is an engineering preference.
> Simon is using a different design esthetic in starttls and I can
> easily understand why someone might prefer that esthetic. Starttls
> is definitely a simpler document than the pre-authentication
> framework.

STARTTLS has properties that make it better than FAST.

No clear text kerberos bits. This makes it harder to push through in environments when no clear text data is allowed even though it's safe. See recent SHA1 vs HMAC-SHA1 discussion.
Love

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 16 15:42:57 2009
From: Nicolas Williams
To: Love Hörnquist Åstrand
Date: Tue, 16 Jun 2009 17:33:02 -0500
Message-ID: <20090616223302.GY1308@Sun.COM>
Cc: ietf-krb-wg@anl.gov, Sam Hartman
Subject: Re: [Ietf-krb-wg] starttls

On Tue, Jun 16, 2009 at 03:26:04PM -0700, Love Hörnquist Åstrand wrote:
>
> On 16 Jun 2009, at 13:50, Sam Hartman wrote:
>
> >However I understand that my preference is an engineering preference.
> >Simon is using a different design esthetic in starttls and I can
> >easily understand why someone might prefer that esthetic. Starttls
> >is definitely a simpler document than the pre-authentication
> >framework.
>
> STARTTLS has properties that make it better than FAST.
>
> No clear text kerberos bits.

FAST has that too, actually.
Nico

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 03:45:38 2009
From: Sam Hartman
To: ietf-krb-wg@anl.gov
Date: Tue, 16 Jun 2009 16:41:41 -0400
Subject: [Ietf-krb-wg] FAST LC: removing ap-req armor for TGS

As you will recall, in a show of apathy, we decided there would be two options for FAST TGS armor. The first is to use the tgs-req authenticator to build an armor key. No actual element is sent in the armor structure of FAST. This is called implicit armor.
We also allow you to use a separate armor ticket (explicit ap-req armor). The intent was to allow people to use an armor ticket different from the header ticket when validating, proxying or otherwise presenting a non-TGT to the TGS. I think I was one of the main proponents of this option. I seem to recall us admitting that we didn't have strong preferences and that we were unsure this explicit armor was important. I propose to remove it because it creates security problems and implementation experience has shown it is difficult and unlikely to be used. Two implementers (myself and another) found that our implementations made it very difficult to use explicit armor. There wasn't really a good way to find and select the armor ticket in the TGS path. So, in my implementation I created a special testing interface but did not plan to use explicit armor for anything other than testing. Larry discovered a weakness which ends up leading to a fairly minor attack if explicit armor is available. As you will recall, the ap-req in the pa-tgs-req has a checksum of the outer request body. However FAST KDCs use the inner request body. So, an attacker can take an existing tgs-req and construct a FAST TGS-req with a request body of the attacker's choice. The attacker can manipulate lifetimes, remove authorization data restrictions from the request, manipulate addresses, or manipulate flags. In general, this attack only allows the attacker to create bogus log entries and auditing information. The attacker will not know the reply key, so the attacker cannot decrypt the kdc-rep and get the session key. If the KDC uses the strengthen key, then generating incorrect auditing information is the worst we've been able to do. Greg Hudson has found a variation where an attacker may be able to observe a request for a ad-fx-armor tgt and turn that into a request for a tgt without ad-fx-armor if the strengthen key is not used. In some environments that could be fairly serious. 
So, why is this possible? There are a number of ways to look at that. My argument is that we failed to note an important security property of TGS armor. TGS armor, unlike AS armor, must authenticate the client to the KDC. Implicit armor does this; explicit armor does not. So, I propose to remove the support for ap-req armor from the TGS. I propose to note that any armor types designed for use with the TGS must authenticate the client to the TGS and explain why that is true for the implicit armor. If we ever decide we do need explicit TGS armor, adding a version that ties the armor key to the subsession key in the pa-tgs-req is entirely doable. I just don't think that makes sense at this point in the process especially given that it ended up being fairly hard to use explicit armor. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 04:01:56 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2098128C1D4 for ; Wed, 17 Jun 2009 04:01:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.39 X-Spam-Level: X-Spam-Status: No, score=-2.39 tagged_above=-999 required=5 tests=[AWL=-0.091, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtwXpir9tJDm for ; Wed, 17 Jun 2009 04:01:55 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 2249B3A6E2C for ; Wed, 17 Jun 2009 04:01:55 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id DE76F31; Wed, 17 Jun 2009 06:02:06 -0500 (CDT) 
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 742D930; Wed, 17 Jun 2009 06:02:06 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 13CC180E05; Wed, 17 Jun 2009 06:02:06 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 9C55380E01 for ; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 9387A21; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 8ED072A for ; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 8A3E221 for ; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 74EED7CC0ED; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07289-01; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 545D37CC0E6 for ; Wed, 17 Jun 2009 06:02:04 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEAMtpOEpFGcSy/2dsb2JhbADFFodWiFCECwU X-IronPort-AV: E=Sophos;i="4.42,235,1243832400"; d="scan'208";a="28113822" Received: from carter-zimmerman.suchdamage.org ([69.25.196.178]) by mailgateway.anl.gov with ESMTP; 17 Jun 2009 06:02:03 -0500 Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 7F6954142; Wed, 17 Jun 2009 07:02:02 -0400 (EDT) To: Love =?iso-8859-1?Q?H=F6rnquist_=C5strand?= 
References: From: Sam Hartman Date: Wed, 17 Jun 2009 07:02:02 -0400 In-Reply-To: ("Love =?iso-8859-1?Q?H=F6rnquist_=C5strand=22's?= message of "Tue\, 16 Jun 2009 15\:26\:04 -0700") Message-ID: User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov, Sam Hartman Subject: Re: [Ietf-krb-wg] starttls X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov >>>>> "Love" =3D=3D Love H=F6rnquist =C5strand writes: Love> 16 jun 2009 kl. 13:50 skrev Sam Hartman: >> However I understand that my preference is a engineering >> preference. Simon is using a different design esthetic in >> starttls and I can easily understand why someone might prefer >> that esthetic. Starttls is definitely a simpler document than >> the pre-authentication framework. Love> STARTTLS have properties that that makes it better then Love> FAST. I'm not really sure this is true. I think the only remaining clear-text Kerberos bit with hide client names enabled is the ticket server in the reply. 
_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 06:26:16 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 970C728C278 for ; Wed, 17 Jun 2009 06:26:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hMgSa0-zVHW for ; Wed, 17 Jun 2009 06:26:15 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id A6A6B28C276 for ; Wed, 17 Jun 2009 06:26:15 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id BDD6E31; Wed, 17 Jun 2009 08:25:34 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 5763E2D; Wed, 17 Jun 2009 08:25:32 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 4576080E05; Wed, 17 Jun 2009 08:25:32 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 65A8180E01 for ; Wed, 17 Jun 2009 08:25:30 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 5785621; Wed, 17 Jun 2009 08:25:30 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 52AB729 for ; Wed, 17 Jun 2009 
08:25:30 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 4D6F121 for ; Wed, 17 Jun 2009 08:25:30 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 33B917CC111; Wed, 17 Jun 2009 08:25:30 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28062-06; Wed, 17 Jun 2009 08:25:30 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 8B4337CC104 for ; Wed, 17 Jun 2009 08:25:29 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvABAMeLOEoSBwdQkWdsb2JhbACYWwEBAQEJCwoHEwWrAIdiiE+ECAWIWQ X-IronPort-AV: E=Sophos;i="4.42,236,1243832400"; d="scan'208";a="28117958" Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by mailgateway.anl.gov with ESMTP; 17 Jun 2009 08:25:27 -0500 Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id n5HDPPm4010356; Wed, 17 Jun 2009 09:25:25 -0400 (EDT) Received: from [10.0.0.100] (c-66-30-116-197.hsd1.ma.comcast.net [66.30.116.197]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id n5HDPOPE008680 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 17 Jun 2009 09:25:25 -0400 (EDT) From: Greg Hudson To: Sam Hartman In-Reply-To: References: Date: Wed, 17 Jun 2009 09:25:23 -0400 Message-Id: <1245245123.21227.62.camel@ray> Mime-Version: 1.0 X-Mailer: Evolution 2.26.1 X-Scanned-By: MIMEDefang 2.42 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] FAST LC: removing ap-req armor for TGS X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the 
IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Tue, 2009-06-16 at 16:41 -0400, Sam Hartman wrote: > So, I propose to remove the support for ap-req armor from the TGS. I > propose to note that any armor types designed for use with the TGS > must authenticate the client to the TGS and explain why that is true > for the implicit armor. I agree with this proposal. (As Sam implied, I spent some time analyzing this problem during a private discussion of the security impact.) _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From miyazaki-356@ae.wakwak.com Wed Jun 17 06:36:19 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 99D763A6B07 for ; Wed, 17 Jun 2009 06:36:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -23.949 X-Spam-Level: X-Spam-Status: No, score=-23.949 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q9Yovem8Mbdl for ; Wed, 17 Jun 2009 06:36:12 -0700 (PDT) Received: from aip-usa.com (unknown [122.161.128.121]) by 
core3.amsl.com (Postfix) with SMTP id F037428C276 for ; Wed, 17 Jun 2009 06:36:10 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: Last time... From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090617133610.F037428C276@core3.amsl.com> Date: Wed, 17 Jun 2009 06:36:10 -0700 (PDT)
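Added example (not from Sam Hartman's message or the FAST draft): a toy Python model of the KDC-side checks described in the "FAST LC: removing ap-req armor for TGS" message, showing that an armor key unrelated to the pa-tgs-req lets a request verify while its inner body comes from another party, and that implicit armor, or an armor key tied to the subsession key, rejects it. HMAC-SHA256 stands in for Kerberos checksums, encryption and key combination; every name, mode string and sample body here is constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (stand-in for Kerberos checksums)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def combine(k1: bytes, k2: bytes) -> bytes:
    """Stand-in key combiner: computing the output requires both inputs."""
    return mac(k1, b"combine", k2)


@dataclass
class Ticket:
    client: str
    session_key: bytes  # shared by the ticket holder and the KDC only


@dataclass
class PaTgsReq:
    ticket: Ticket      # header ticket
    subkey: bytes       # carried encrypted in the authenticator; opaque on the wire
    body_cksum: bytes   # authenticator checksum over the OUTER request body


@dataclass
class FastTgsReq:
    outer_body: bytes
    pa_tgs_req: PaTgsReq
    armor_ticket: Optional[Ticket]  # None means implicit armor
    inner_body: bytes
    fast_tag: bytes     # models armor-key protection of the inner request


def armor_key(req: FastTgsReq, mode: str) -> bytes:
    hdr = req.pa_tgs_req
    if mode == "implicit":        # armor key built from the tgs-req authenticator
        return combine(hdr.subkey, hdr.ticket.session_key)
    if mode == "explicit":        # separate armor ticket, unrelated to the header ticket
        return req.armor_ticket.session_key
    if mode == "explicit-bound":  # armor ticket key tied to the pa-tgs-req subkey
        return combine(req.armor_ticket.session_key, hdr.subkey)
    raise ValueError(mode)


def kdc_accepts(req: FastTgsReq, mode: str) -> Optional[tuple]:
    """Return (client the KDC will name, body the KDC will act on), or None."""
    hdr = req.pa_tgs_req
    # Check 1: the pa-tgs-req checksum covers the outer body only.
    if not hmac.compare_digest(hdr.body_cksum,
                               mac(hdr.ticket.session_key, req.outer_body)):
        return None
    if mode != "implicit" and req.armor_ticket is None:
        return None
    # Check 2: the FAST layer verifies under the armor key.
    expected = mac(armor_key(req, mode), req.outer_body, req.inner_body)
    if not hmac.compare_digest(req.fast_tag, expected):
        return None
    # A FAST KDC acts on the inner body but names the header ticket's client.
    return (hdr.ticket.client, req.inner_body)


def client_request(tgt: Ticket, body: bytes, mode: str,
                   armor_ticket: Optional[Ticket] = None) -> FastTgsReq:
    hdr = PaTgsReq(tgt, os.urandom(32), mac(tgt.session_key, body))
    req = FastTgsReq(body, hdr, armor_ticket, body, b"")
    req.fast_tag = mac(armor_key(req, mode), req.outer_body, req.inner_body)
    return req


def rewrapped_by_other_party(seen: FastTgsReq, own_ticket: Ticket,
                             new_inner: bytes, mode: str) -> FastTgsReq:
    """Constructed test input: the outer body and pa-tgs-req are copied as
    opaque wire data, and the FAST layer is rebuilt with keys the copier holds."""
    if mode == "explicit":
        key = own_ticket.session_key
    else:  # the header subkey is required here and is not available to the copier
        key = combine(own_ticket.session_key, own_ticket.session_key)
    armor = None if mode == "implicit" else own_ticket
    tag = mac(key, seen.outer_body, new_inner)
    return FastTgsReq(seen.outer_body, seen.pa_tgs_req, armor, new_inner, tag)


def run_demo() -> dict:
    alice_tgt = Ticket("alice", os.urandom(32))
    alice_armor = Ticket("alice", os.urandom(32))
    other = Ticket("other", os.urandom(32))
    body, changed = b"flags=0;till=1h", b"flags=forwardable;till=10h"
    out = {}
    for mode in ("implicit", "explicit", "explicit-bound"):
        armor = None if mode == "implicit" else alice_armor
        genuine = client_request(alice_tgt, body, mode, armor)
        rewrapped = rewrapped_by_other_party(genuine, other, changed, mode)
        out[mode] = (kdc_accepts(genuine, mode), kdc_accepts(rewrapped, mode))
    return out
```

Only the "explicit" mode accepts the rewrapped request and attributes the changed body to the header ticket's client, which is the audit-log effect the message describes; the reply key is not modelled.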

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 08:14:54 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B93583A6E67 for ; Wed, 17 Jun 2009 08:14:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.249 X-Spam-Level: X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[AWL=-0.950, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3SUP+ljKS9rK for ; Wed, 17 Jun 2009 08:14:54 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id EE33E3A6E61 for ; Wed, 17 Jun 2009 08:14:53 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id A425F3D; Wed, 17 Jun 2009 10:14:43 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id A1E8A3E; Wed, 17 Jun 2009 10:14:38 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 8F36680E07; Wed, 17 Jun 2009 10:14:38 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id C180780E05 for ; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id B36A52A; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id AF94C32 for ; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov 
(Postfix) with ESMTP id AA68D2A for ; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 941047CC0B3; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23577-09; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 73A6A7CC0A0 for ; Wed, 17 Jun 2009 10:14:37 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AsQCAJWlOEqAAtnEmWdsb2JhbACXPIEgAQEBAQEICwoHE6wSh2KIT4QIBYhZ X-IronPort-AV: E=Sophos;i="4.42,236,1243832400"; d="scan'208";a="28123828" Received: from smtp01.srv.cs.cmu.edu ([128.2.217.196]) by mailgateway.anl.gov with ESMTP; 17 Jun 2009 10:14:37 -0500 Received: from atlantis-home.pc.cs.cmu.edu (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp01.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n5HFEZaS014852 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 17 Jun 2009 11:14:35 -0400 (EDT) Date: Wed, 17 Jun 2009 11:14:35 -0400 From: Jeffrey Hutzelman To: Sam Hartman , =?UTF-8?Q?Love_H=C3=B6rnquist_=C3=85strand?= Message-ID: <8100D22085DBEEA8A24620FD@atlantis.pc.cs.cmu.edu> In-Reply-To: References: X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.196 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov, jhutz@cmu.edu Subject: Re: [Ietf-krb-wg] starttls X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov LS1PbiBXZWRuZXNkYXksIEp1bmUgMTcsIDIwMDkgMDc6MDI6MDIgQU0gLTA0MDAgU2FtIEhhcnRt YW4gCjxoYXJ0bWFucy1pZXRmQG1pdC5lZHU+IHdyb3RlOgoKPj4+Pj4+ICJMb3ZlIiA9PSBMb3Zl IEjDtnJucXVpc3Qgw4VzdHJhbmQgPGxoYUBhcHBsZS5jb20+IHdyaXRlczoKPgo+ICAgICBMb3Zl PiAxNiBqdW4gMjAwOSBrbC4gMTM6NTAgc2tyZXYgU2FtIEhhcnRtYW46Cj4KPiAgICAgPj4gSG93 ZXZlciBJIHVuZGVyc3RhbmQgdGhhdCBteSBwcmVmZXJlbmNlIGlzIGEgZW5naW5lZXJpbmcKPiAg ICAgPj4gcHJlZmVyZW5jZS4gIFNpbW9uIGlzIHVzaW5nIGEgZGlmZmVyZW50IGRlc2lnbiBlc3Ro ZXRpYyBpbgo+ICAgICA+PiBzdGFydHRscyBhbmQgSSBjYW4gZWFzaWx5IHVuZGVyc3RhbmQgd2h5 IHNvbWVvbmUgbWlnaHQgcHJlZmVyCj4gICAgID4+IHRoYXQgZXN0aGV0aWMuICBTdGFydHRscyBp cyBkZWZpbml0ZWx5IGEgc2ltcGxlciBkb2N1bWVudCB0aGFuCj4gICAgID4+IHRoZSBwcmUtYXV0 aGVudGljYXRpb24gZnJhbWV3b3JrLgo+Cj4gICAgIExvdmU+IFNUQVJUVExTIGhhdmUgcHJvcGVy dGllcyB0aGF0IHRoYXQgbWFrZXMgaXQgYmV0dGVyIHRoZW4KPiAgICAgTG92ZT4gRkFTVC4KPiBJ J20gbm90IHJlYWxseSBzdXJlIHRoaXMgaXMgdHJ1ZS4gIEkgdGhpbmsgdGhlIG9ubHkgcmVtYWlu aW5nCj4gY2xlYXItdGV4dCBLZXJiZXJvcyBiaXQgd2l0aCBoaWRlIGNsaWVudCBuYW1lcyBlbmFi bGVkIGlzIHRoZSB0aWNrZXQKPiBzZXJ2ZXIgaW4gdGhlIHJlcGx5LgoKSSB0aGluayBMb3ZlJ3Mg cG9pbnQgaXMgdGhhdCBldmVuIHRob3VnaCBhbGwgb2YgdGhlIF9tZWFuaW5nZnVsXyBkYXRhIGlz IApoaWRkZW4gaW5zaWRlIEZBU1QsIHlvdSBzdGlsbCBlbmQgdXAgc2VlaW5nIEtlcmJlcm9zIHBy b3RvY29vbCBiaXRzIG9uIHRoZSAKd2lyZS4gIFdpdGggU1RBUlRUTFMgYWxsIG9mIHRoYXQgaXMg aGlkZGVuIGluc2lkZSBhIFRMUyB0dW5uZWwsIGFuZCBmb3IgCnNvbWUgcmVhc29uIHNvbWUgcGVv cGxlIHRoaW5rIFRMUyBpcyBtYWdpY2FsLiAgVGhhdCdzIHNpbGx5LCBvZiBjb3Vyc2UsIGJ1dCAK dGhlcmUgYXJlIGxvdHMgb2Ygc2lsbHkgcG9saWNpZXMgb3V0IHRoZXJlLgpfX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwppZXRmLWtyYi13ZyBtYWlsaW5nIGxp c3QKaWV0Zi1rcmItd2dAbGlzdHMuYW5sLmdvdgpodHRwczovL2xpc3RzLmFubC5nb3YvbWFpbG1h 
bi9saXN0aW5mby9pZXRmLWtyYi13Zw== From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 09:34:48 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA28328C0F4 for ; Wed, 17 Jun 2009 09:34:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.985 X-Spam-Level: X-Spam-Status: No, score=-3.985 tagged_above=-999 required=5 tests=[AWL=-1.386, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zZy31mEXiScV for ; Wed, 17 Jun 2009 09:34:47 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id A855828B56A for ; Wed, 17 Jun 2009 09:34:47 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 4720553; Wed, 17 Jun 2009 11:34:53 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 13E4B3E; Wed, 17 Jun 2009 11:34:50 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id E04FF80E07; Wed, 17 Jun 2009 11:34:50 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id BDD4680E05 for ; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id B10ED2C; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id ABC853D for ; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by 
mailhost.anl.gov (Postfix) with ESMTP id A62C52C for ; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 8F50A7CC087; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15364-01; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 6B92C7CC066 for ; Wed, 17 Jun 2009 11:34:49 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvABAFC4OErAEmIkkWdsb2JhbACYXAEBAQEJCwoHEwW8ZoQIBYhZ X-IronPort-AV: E=Sophos;i="4.42,238,1243832400"; d="scan'208";a="28128928" Received: from brmea-mail-4.sun.com ([192.18.98.36]) by mailgateway.anl.gov with ESMTP; 17 Jun 2009 11:34:48 -0500 Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id n5HGYmEc021755 for ; Wed, 17 Jun 2009 16:34:48 GMT Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id n5HGYloA045735 for ; Wed, 17 Jun 2009 10:34:47 -0600 (MDT) Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n5HGOmJp003171; Wed, 17 Jun 2009 11:24:48 -0500 (CDT) Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n5HGOlHK003170; Wed, 17 Jun 2009 11:24:47 -0500 (CDT) X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f Date: Wed, 17 Jun 2009 11:24:47 -0500 From: Nicolas Williams To: Jeffrey Hutzelman Message-ID: <20090617162447.GJ1308@Sun.COM> References: <8100D22085DBEEA8A24620FD@atlantis.pc.cs.cmu.edu> Mime-Version: 1.0 Content-Disposition: inline In-Reply-To: 
<8100D22085DBEEA8A24620FD@atlantis.pc.cs.cmu.edu> User-Agent: Mutt/1.5.7i X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov, Sam Hartman Subject: Re: [Ietf-krb-wg] starttls X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Wed, Jun 17, 2009 at 11:14:35AM -0400, Jeffrey Hutzelman wrote: > > Love> STARTTLS have properties that that makes it better then > > Love> FAST. > >I'm not really sure this is true. I think the only remaining > >clear-text Kerberos bit with hide client names enabled is the ticket > >server in the reply. > > I think Love's point is that even though all of the _meaningful_ data is > hidden inside FAST, you still end up seeing Kerberos protocool bits on the > wire. With STARTTLS all of that is hidden inside a TLS tunnel, and for > some reason some people think TLS is magical. That's silly, of course, but > there are lots of silly policies out there. I agree that it's silly. I agree that there are silly policies out there. I don't agree that because it might some day happen that some silly person, unable to grasp the point, in some position of power to make hay of this non-issue, might do just that, that we should choose STARTTLS over FAST. Nay, I refuse to do that, as I don't have a crystal ball that tells me what such sillinesses will or will not arise. What can be done to help prevent such silliness is to add a security considerations sub-section that makes it absolutely clear that FAST has this property that none of the inner data need be visible outside its tunnel. 
Moreover, we could even make it a MUST (if it isn't already) that the data in the outer request must bear no relationship to the data in the inner request. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 09:47:22 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C48003A6DBD for ; Wed, 17 Jun 2009 09:47:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.299 X-Spam-Level: X-Spam-Status: No, score=-102.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iCKuoklRi0Sf for ; Wed, 17 Jun 2009 09:47:21 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id BFBE93A6B80 for ; Wed, 17 Jun 2009 09:47:21 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 8DDB353; Wed, 17 Jun 2009 11:47:31 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 469634F; Wed, 17 Jun 2009 11:47:30 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id EDBD480E07; Wed, 17 Jun 2009 11:47:29 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 3441C80E05 for ; Wed, 17 Jun 2009 11:47:28 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 2EBFC2C; Wed, 17 Jun 2009 
11:47:28 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 2A14331 for ; Wed, 17 Jun 2009 11:47:28 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 2560D2C for ; Wed, 17 Jun 2009 11:47:28 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 0FC107CC0BF; Wed, 17 Jun 2009 11:47:28 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18418-03; Wed, 17 Jun 2009 11:47:27 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id E2CB97CC066 for ; Wed, 17 Jun 2009 11:47:27 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvABAKi6OEoR/g0WkWdsb2JhbACYXAEBAQEJCwoHEwW8XoQIBQ X-IronPort-AV: E=Sophos;i="4.42,238,1243832400"; d="scan'208";a="28129565" Received: from mail-out3.apple.com ([17.254.13.22]) by mailgateway.anl.gov with ESMTP; 17 Jun 2009 11:47:27 -0500 Received: from relay15.apple.com (relay15.apple.com [17.128.113.54]) by mail-out3.apple.com (Postfix) with ESMTP id 2E16565A17D6 for ; Wed, 17 Jun 2009 09:47:27 -0700 (PDT) Received: from relay15.apple.com (unknown [127.0.0.1]) by relay15.apple.com (Symantec Brightmail Gateway) with ESMTP id 1E9355A0005 for ; Wed, 17 Jun 2009 09:47:27 -0700 (PDT) X-AuditID: 11807136-abd07bb00000447e-27-4a391e1f2e26 Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay15.apple.com (Apple SCV relay) with ESMTP id 0DC54558002 for ; Wed, 17 Jun 2009 09:47:27 -0700 (PDT) MIME-version: 1.0 Received: from [192.168.20.3] (166-205-130-170.mobile.mymmode.com [166.205.130.170]) by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id 
<0KLE00MIS6N06K90@et.apple.com> for ietf-krb-wg@anl.gov; Wed, 17 Jun 2009 09:47:27 -0700 (PDT) From: =?iso-8859-1?Q?Love_H=F6rnquist_=C5strand?= In-reply-to: <20090617162447.GJ1308@Sun.COM> Date: Wed, 17 Jun 2009 09:47:22 -0700 Message-id: <8F62DE79-6A81-4351-B647-35914781A914@apple.com> References: <8100D22085DBEEA8A24620FD@atlantis.pc.cs.cmu.edu> <20090617162447.GJ1308@Sun.COM> To: Nicolas Williams X-Mailer: Apple Mail (2.1067.3) X-Brightmail-Tracker: AAAAAA== X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@anl.gov, Sam Hartman , Jeffrey Hutzelman Subject: Re: [Ietf-krb-wg] starttls X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov 17 jun 2009 kl. 09:24 skrev Nicolas Williams: > What can be done to help prevent such silliness is to add a security > considerations sub-section that makes it absolutely clear that FAST > has > this property that none of the inner data need be visible outside its > tunnel. Moreover, we could even make it a MUST (if it isn't already) > that the data in the outer request must bear no relationship to the > data > in the inner request. Like not sending it, but that was rejected. 
Love
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 12:08:33 2009
From: Larry Zhu
To: Love Hörnquist Åstrand, Nicolas Williams
Cc: "ietf-krb-wg@anl.gov", Sam Hartman, Jeffrey Hutzelman
Date: Wed, 17 Jun 2009 19:08:23 +0000
Subject: Re: [Ietf-krb-wg] starttls
In-Reply-To: <8F62DE79-6A81-4351-B647-35914781A914@apple.com>
References: <8100D22085DBEEA8A24620FD@atlantis.pc.cs.cmu.edu> <20090617162447.GJ1308@Sun.COM> <8F62DE79-6A81-4351-B647-35914781A914@apple.com>

Not sending it will cause extra significant implementation costs for implementers who have the hand-coded ASN.1 encoders/decoders. The current draft allows us to achieve the same spirit but we can make it clear as what Nico suggested here.

--Larry

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Love Hörnquist Åstrand
Sent: Wednesday, June 17, 2009 9:47 AM
To: Nicolas Williams
Cc: ietf-krb-wg@anl.gov; Sam Hartman; Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] starttls

On 17 Jun 2009, at 09:24, Nicolas Williams wrote:

> What can be done to help prevent such silliness is to add a security
> considerations sub-section that makes it absolutely clear that FAST has
> this property that none of the inner data need be visible outside its
> tunnel. Moreover, we could even make it a MUST (if it isn't already)
> that the data in the outer request must bear no relationship to the data
> in the inner request.

Like not sending it, but that was rejected.
Love

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 13:15:45 2009
From: Nicolas Williams
To: Sam Hartman
Cc: ietf-krb-wg@anl.gov
Date: Wed, 17 Jun 2009 15:05:45 -0500
Subject: Re: [Ietf-krb-wg] starttls
Message-ID: <20090617200545.GS1308@Sun.COM>

On Wed, Jun 17, 2009 at 07:02:02AM -0400, Sam Hartman wrote:
> >>>>> "Love" == Love Hörnquist Åstrand writes:
>
>     Love> On 16 Jun 2009, at 13:50, Sam Hartman wrote:
>
>     >> However I understand that my preference is an engineering
>     >> preference. Simon is using a different design esthetic in
>     >> starttls and I can easily understand why someone might prefer
>     >> that esthetic. Starttls is definitely a simpler document than
>     >> the pre-authentication framework.
>
>     Love> STARTTLS has properties that make it better than
>     Love> FAST.
>
> I'm not really sure this is true. I think the only remaining
> clear-text Kerberos bit with hide client names enabled is the ticket
> server in the reply.

Oh, hmmm, that's annoying. Not terribly so, but enough that we should consider ways to fix that.

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 13:26:00 2009
From: Sam Hartman
To: Love Hörnquist Åstrand
Cc: ietf-krb-wg@anl.gov, Sam Hartman, Jeffrey Hutzelman
Date: Wed, 17 Jun 2009 16:26:03 -0400
Subject: Re: [Ietf-krb-wg] starttls
In-Reply-To: <8F62DE79-6A81-4351-B647-35914781A914@apple.com>
References: <8100D22085DBEEA8A24620FD@atlantis.pc.cs.cmu.edu> <20090617162447.GJ1308@Sun.COM> <8F62DE79-6A81-4351-B647-35914781A914@apple.com>

>>>>> "Love" == Love Hörnquist Åstrand writes:

    Love> On 17 Jun 2009, at 09:24, Nicolas Williams wrote:
    >> What can be done to help prevent such silliness is to add a
    >> security considerations sub-section that makes it absolutely
    >> clear that FAST has this property that none of the inner data
    >> need be visible outside its tunnel. Moreover, we could even
    >> make it a MUST (if it isn't already) that the data in the outer
    >> request must bear no relationship to the data in the inner
    >> request.

    Love> Like not sending it, but that was rejected.

I think we all agree with you that hiding the exchange is a good idea. I was against not sending it exactly because it increased my implementation complexity and didn't buy anything that I could see. So, yes, I view this exactly like not sending it only better:-).

Now, if I'm missing something please tell me. I've definitely missed a lot through this process.

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 13:55:36 2009
From: Sam Hartman
To: Nicolas Williams
Cc: ietf-krb-wg@anl.gov, Sam Hartman
Date: Wed, 17 Jun 2009 16:55:43 -0400
Subject: Re: [Ietf-krb-wg] starttls
In-Reply-To: <20090617200545.GS1308@Sun.COM>
References: <20090617200545.GS1308@Sun.COM>

>>>>> "Nicolas" == Nicolas Williams writes:

    >> I'm not really sure this is true. I think the only remaining
    >> clear-text Kerberos bit with hide client names enabled is the
    >> ticket server in the reply.

    Nicolas> Oh, hmmm, that's annoying. Not terribly so, but enough
    Nicolas> that we should consider ways to fix that.

Create a fast factor to include the server name, remove it from the ticket after any ticket extensions are computed and have the client re-add it.

However it's kind of pointless to do this given that the same server name is in every ap-req unencrypted. Modern MIT and all windows implementations do not use that server name in the normal rd-req path.

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 14:47:50 2009
From: Love Hörnquist Åstrand
To: Sam Hartman
Cc: ietf-krb-wg@anl.gov
Date: Wed, 17 Jun 2009 14:47:54 -0700
Subject: Re: [Ietf-krb-wg] starttls
Message-id: <6B0B9ACD-C5FC-48F2-A66F-111CACBEE423@apple.com>
References: <20090617200545.GS1308@Sun.COM>

On 17 Jun 2009, at 13:55, Sam Hartman wrote:

>>>>>> "Nicolas" == Nicolas Williams writes:
>
>>> I'm not really sure this is true. I think the only remaining
>>> clear-text Kerberos bit with hide client names enabled is the
>>> ticket server in the reply.
>
> Nicolas> Oh, hmmm, that's annoying. Not terribly so, but enough
> Nicolas> that we should consider ways to fix that.
>
> Create a fast factor to include the server name, remove it from the
> ticket after any ticket extensions are computed and have the client
> re-add it.
>
> However it's kind of pointless to do this given that the same server
> name is in every ap-req unencrypted. Modern MIT and all windows
> implementations do not use that server name in the normal rd-req path.

Having the server perform key identification faster than iteration over try all keys would be a good thing. I know of places where there are 100+ keys in the keytab.

Love

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 15:01:23 2009
From: Nicolas Williams
To: Love Hörnquist Åstrand
Cc: ietf-krb-wg@anl.gov, Sam Hartman
Date: Wed, 17 Jun 2009 16:51:27 -0500
Subject: Re: [Ietf-krb-wg] starttls
Message-ID: <20090617215127.GB1308@Sun.COM>
In-Reply-To: <6B0B9ACD-C5FC-48F2-A66F-111CACBEE423@apple.com>
References: <20090617200545.GS1308@Sun.COM> <6B0B9ACD-C5FC-48F2-A66F-111CACBEE423@apple.com>

On Wed, Jun 17, 2009 at 02:47:54PM -0700, Love Hörnquist Åstrand wrote:
> On 17 Jun 2009, at 13:55, Sam Hartman wrote:
> >>>>>>"Nicolas" == Nicolas Williams writes:
> >>>I'm not really sure this is true. I think the only remaining
> >>>clear-text Kerberos bit with hide client names enabled is the
> >>>ticket server in the reply.
> >
> > Nicolas> Oh, hmmm, that's annoying. Not terribly so, but enough
> > Nicolas> that we should consider ways to fix that.
> >
> >Create a fast factor to include the server name, remove it from the
> >ticket after any ticket extensions are computed and have the client
> >re-add it.
> >
> >However it's kind of pointless to do this given that the same server
> >name is in every ap-req unencrypted. Modern MIT and all windows
> >implementations do not use that server name in the normal rd-req path.

You're right, though if the AP exchange happens over some other channel... But yes, it's mostly pointless to hide the server name.

> Having the server perform key identification faster than iteration
> over try all keys would be a good thing. I know of places where there
> are 100+ keys in the keytab.

Note that STARTTLS doesn't protect the server name either in the AP-REQ, for the obvious and simple reason that STARTTLS is not used in AP exchanges.

From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 16:32:28 2009
From: Martin Rex
Message-Id: <200906172332.n5HNWKMT006848@fs4113.wdf.sap.corp>
To: Nicolas.Williams@sun.com (Nicolas Williams)
Date: Thu, 18 Jun 2009 01:32:20 +0200 (MEST)
In-Reply-To: <20090617215127.GB1308@Sun.COM> from "Nicolas Williams" at Jun 17, 9 04:51:27 pm
Cc: ietf-krb-wg@lists.anl.gov
Subject:
Re: [Ietf-krb-wg] starttls X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list Reply-To: martin.rex@sap.com List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Nicolas Williams wrote: > > You're right, though if the AP exchange happens over some other > channel... But yes, it's mostly pointless to hide the server name. > > > Having the server perform key identification faster then iteration > > over try all keys would be a good thing. I know of places where there > > are 100+ keys in the keytab. > > Note that STARTTLS doesn't protect the server name either in the AP-REQ, > for the obvious and simple reason that STARTTLS is not used in AP > exchanges. If the server name was hidden on AP-REQ, then the server would not be able to give a useful hint "wrong server name in request" for fairly-easy-to-commit configuration errors. For the majority of kerberos clients, which blindly derive the server name from the network endpoint address, such hiding would not buy you much anyway... 
-Martin _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Jun 17 17:27:48 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AFBFA3A6EDA for ; Wed, 17 Jun 2009 17:27:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.555 X-Spam-Level: X-Spam-Status: No, score=-102.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kuVVPW4wS-tc for ; Wed, 17 Jun 2009 17:27:47 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 1EF643A6DE5 for ; Wed, 17 Jun 2009 17:27:47 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id C31D930; Wed, 17 Jun 2009 19:27:58 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 5690C32; Wed, 17 Jun 2009 19:27:57 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 1CB6580E08; Wed, 17 Jun 2009 19:27:57 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id C2DCD80E07 for ; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id BDA2829; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) 
with ESMTP id B8E8430 for ; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id B33C329 for ; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 9AC877CC0B1; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03043-01; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 760767CC065 for ; Wed, 17 Jun 2009 19:27:55 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkYAAIEmOUqDa3PWkWdsb2JhbACYXAEBAQEJCwoHEwagWpg2hAgFiFk X-IronPort-AV: E=Sophos;i="4.42,240,1243832400"; d="scan'208";a="28146339" Received: from mail3.microsoft.com (HELO smtp.microsoft.com) ([131.107.115.214]) by mailgateway.anl.gov with ESMTP; 17 Jun 2009 19:27:54 -0500 Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (157.54.79.174) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.99.4; Wed, 17 Jun 2009 17:27:54 -0700 Received: from TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com (157.54.71.39) by TK5EX14MLTC103.redmond.corp.microsoft.com (157.54.79.174) with Microsoft SMTP Server id 14.0.601.1; Wed, 17 Jun 2009 17:27:54 -0700 Received: from TK5EX14MBXW651.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.90]) by TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.39]) with mapi; Wed, 17 Jun 2009 17:27:54 -0700 From: Larry Zhu To: Greg Hudson , Sam Hartman Thread-Topic: [Ietf-krb-wg] FAST LC: removing ap-req armor for TGS Thread-Index: AQHJ7zjF3YQF0wrJOEa1Uvlde9YhF5BLNQmAgABCytA= Date: Thu, 18 Jun 2009 00:27:51 +0000 Message-ID: References: <1245245123.21227.62.camel@ray> In-Reply-To: 
<1245245123.21227.62.camel@ray> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@anl.gov" Subject: Re: [Ietf-krb-wg] FAST LC: removing ap-req armor for TGS X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov I agree with the proposal. Let's also require the strengthen-key key to be present in the TGS reply in order to ensure that the outer KDC request is cryptographically bound with the TGS request. --Larry -----Original Message----- From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Greg Hudson Sent: Wednesday, June 17, 2009 6:25 AM To: Sam Hartman Cc: ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] FAST LC: removing ap-req armor for TGS On Tue, 2009-06-16 at 16:41 -0400, Sam Hartman wrote: > So, I propose to remove the support for ap-req armor from the TGS. I > propose to note that any armor types designed for use with the TGS > must authenticate the client to the TGS and explain why that is true > for the implicit armor. I agree with this proposal. (As Sam implied, I spent some time analyzing this problem during a private discussion of the security impact.) 

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 22 02:27:24 2009
Date: Mon, 22 Jun 2009 05:27:13 -0400
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
Message-ID: <8682B0640707834A9BC5FD0CA4C3CE250689034A@CORPUSMX50A.corp.emc.com>
References: <003501c9f319$433c5850$c9b508f0$@com>
In-Reply-To: <003501c9f319$433c5850$c9b508f0$@com>

Srini,

I have used tagging when there is more than one optional element of the
same type and so without the tag, the decoder would not be able to tell
which element is present.

For example, in the example below, there are four elements of type
OCTET STRING with the nonce being required and the other four elements
being OPTIONAL. From what I understand, tagging is not required on the
mandatory nonce element since there is no ambiguity (the first OCTET
STRING will always be the nonce) but is required on the OPTIONAL
elements since the next OCTET STRING element could be any of the four
OPTIONAL elements.

--Gareth

________________________________

From: Srikalpi Software Private Limited [mailto:srikalpi@gmail.com]
Sent: 22 June 2009 05:10
To: Richards, Gareth; ietf-krb-wg@anl.gov
Subject: OTP draft - full tagged ASN.1 structures

Hi,

The tag numbers for all elements in the OTP ASN.1 structure like
PA-OTP-REQUEST are missing, whereas Kerberos structures use tags for
all elements.

e.g.

    PA-OTP-REQUEST ::= SEQUENCE {
        flags          OTPFlags,
        nonce          OCTET STRING,
        encData        EncryptedData,
                       -- PA-OTP-ENC-REQUEST or PA-ENC-TS-ENC
                       -- Key usage of KEY_USAGE_OTP_REQUEST
        hashAlg        AlgorithmIdentifier OPTIONAL,
        iterationCount Int32               OPTIONAL,
        otp-value      OCTET STRING        OPTIONAL,
        otp-challenge  [0] OCTET STRING    OPTIONAL,
        otp-time       KerberosTime        OPTIONAL,
        otp-counter    [1] OCTET STRING    OPTIONAL,
        otp-format     [2] OTPFormat       OPTIONAL,
        otp-keyID      [3] OCTET STRING    OPTIONAL,
        otp-algID      AnyURI              OPTIONAL,
        ...
    }

You can see above, all elements are not tagged and this is the same
case with all structures.

Not using tags might cause ambiguity?

Thanks,
Srini
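
The tagging rule Gareth describes, as an added example that is not part of the original messages or of the OTP draft: a minimal DER reader over the OCTET STRING fields of PA-OTP-REQUEST, beside a hypothetical variant with the tags removed. IMPLICIT context tags, the helper names and the sample values are assumptions; the thread does not state the module's tagging mode.

```python
# Added example (not from the OTP draft): decoding a DER SEQUENCE whose
# OPTIONAL fields share a type, with and without distinguishing tags.
# Assumptions: IMPLICIT context tags, helper names, constructed sample values.

OCTET_STRING = 0x04   # universal class, primitive
SEQUENCE = 0x30       # universal class, constructed


def ctx(number):
    """Identifier octet for an IMPLICIT context-specific primitive tag [number]."""
    if not 0 <= number < 31:
        raise ValueError("only low tag numbers are handled here")
    return 0x80 | number


def tlv(tag, value):
    """DER-encode one element with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def parse_tlvs(data):
    """Split DER content into (tag, value) pairs, rejecting malformed input."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header")
        tag, first = data[i], data[i + 1]
        i += 2
        if tag & 0x1F == 0x1F:
            raise ValueError("high-tag-number form not supported")
        if first < 0x80:
            n = first
        else:
            k = first & 0x7F
            if k == 0 or i + k > len(data):
                raise ValueError("indefinite or truncated length")
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        if i + n > len(data):
            raise ValueError("truncated value")
        out.append((tag, data[i:i + n]))
        i += n
    return out


# (field name, identifier octet, optional?) in SEQUENCE order.
# TAGGED follows the tags quoted in the thread; UNTAGGED is hypothetical.
TAGGED = [
    ("nonce", OCTET_STRING, False),
    ("otp-value", OCTET_STRING, True),
    ("otp-challenge", ctx(0), True),
    ("otp-counter", ctx(1), True),
    ("otp-keyID", ctx(3), True),
]
UNTAGGED = [(name, OCTET_STRING, optional) for name, _, optional in TAGGED]


def encode(spec, values):
    """Emit present fields in SEQUENCE order; absent OPTIONAL fields vanish."""
    body = b""
    for name, tag, optional in spec:
        if name in values:
            body += tlv(tag, values[name])
        elif not optional:
            raise ValueError("missing mandatory field " + name)
    return tlv(SEQUENCE, body)


def decode(spec, der):
    """Assign each element to the next field whose tag matches, as a DER reader does."""
    outer = parse_tlvs(der)
    if len(outer) != 1 or outer[0][0] != SEQUENCE:
        raise ValueError("expected exactly one SEQUENCE")
    elements, pos, result = parse_tlvs(outer[0][1]), 0, {}
    for name, tag, optional in spec:
        if pos < len(elements) and elements[pos][0] == tag:
            result[name] = elements[pos][1]
            pos += 1
        elif not optional:
            raise ValueError("missing mandatory field " + name)
    if pos != len(elements):
        raise ValueError("element does not match any remaining field")
    return result


def misread_demo():
    """Send only nonce + otp-keyID and report what each schema's reader sees."""
    sent = {"nonce": b"N", "otp-keyID": b"key-7"}          # constructed values
    other = {"nonce": b"N", "otp-value": b"key-7"}
    same_bytes = encode(UNTAGGED, sent) == encode(UNTAGGED, other)
    return (decode(TAGGED, encode(TAGGED, sent)),
            decode(UNTAGGED, encode(UNTAGGED, sent)),
            same_bytes)


if __name__ == "__main__":
    print(misread_demo())
```

Without the tags the key identifier is silently accepted as the OTP value; with them the two requests differ in their identifier octet (0x04 versus 0x83) and the reader cannot confuse the fields.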

 

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 22 02:34:02 2009
From: "Srinivas Cheruku"
Date: Mon, 22 Jun 2009 15:03:34 +0530
Subject: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
Message-ID: <4a3f5014.1818d00a.41d9.125a@mx.google.com>

Hi,

The tag numbers for all elements in the OTP ASN.1 structure like
PA-OTP-REQUEST are missing, whereas Kerberos structures use tags for
all elements.

e.g.

    PA-OTP-REQUEST ::= SEQUENCE {
        flags          OTPFlags,
        nonce          OCTET STRING,
        encData        EncryptedData,
                       -- PA-OTP-ENC-REQUEST or PA-ENC-TS-ENC
                       -- Key usage of KEY_USAGE_OTP_REQUEST
        hashAlg        AlgorithmIdentifier OPTIONAL,
        iterationCount Int32               OPTIONAL,
        otp-value      OCTET STRING        OPTIONAL,
        otp-challenge  [0] OCTET STRING    OPTIONAL,
        otp-time       KerberosTime        OPTIONAL,
        otp-counter    [1] OCTET STRING    OPTIONAL,
        otp-format     [2] OTPFormat       OPTIONAL,
        otp-keyID      [3] OCTET STRING    OPTIONAL,
        otp-algID      AnyURI              OPTIONAL,
        ...
    }

You can see above, all elements are not tagged and this is the same
case with all structures.

Not using tags might cause ambiguity?

Thanks,
Srini

 

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 22 03:11:11 2009
From: "Srinivas Cheruku"
Date: Mon, 22 Jun 2009 15:35:04 +0530
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
Message-ID: <4a3f5776.0707d00a.64d5.0793@mx.google.com>
References: <003501c9f319$433c5850$c9b508f0$@com> <8682B0640707834A9BC5FD0CA4C3CE250689034A@CORPUSMX50A.corp.emc.com>
In-Reply-To: <8682B0640707834A9BC5FD0CA4C3CE250689034A@CORPUSMX50A.corp.emc.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3935356381436836198=="

This is a multi-part message in MIME format.
--===============3935356381436836198==
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0049_01C9F34F.0665CA70"
Content-Language: en-in

This is a multi-part message in MIME format.
------=_NextPart_000_0049_01C9F34F.0665CA70 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit HI All, Do you think it is better to use tagging for all elements, so that the OTP structures are consistent with the Kerberos structures? I feel it is better to tag all elements as the decoder can get the element with the required tag number if necessary from the ASN data. Any opinions? Thanks, Srini From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of gareth.richards@rsa.com Sent: 22 June 2009 14:57 To: srikalpi@gmail.com; ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures Srini, I have used tagging when there is more than one optional element of the same type and so without the tag, the decoder would not be able to tell which element is present. For example, in the example, below, there are four elements of type OCTET STRING with the nonce being required and the other four elements being OPTIONAL. From what I understand, tagging is not required on the mandatory nonce element since there is no ambiguity (the first OCTET STRING will always be the nonce) but is required on the OPTIONAL elements since the next OCTET STRING element could be any of the four OPTIONAL elements. --Gareth _____ From: Srikalpi Software Private Limited [mailto:srikalpi@gmail.com] Sent: 22 June 2009 05:10 To: Richards, Gareth; ietf-krb-wg@anl.gov Subject: OTP draft - full tagged ASN.1 structures Hi, The tag numbers for all elements in the OTP ASN.1 structure like PA-OTP-REQUEST are missing, where as Kerberos structures use tags for all elements. e.g. 
PA-OTP-REQUEST ::= SEQUENCE { flags OTPFlags, nonce OCTET STRING, encData EncryptedData, -- PA-OTP-ENC-REQUEST or PA-ENC-TS-ENC -- Key usage of KEY_USAGE_OTP_REQUEST hashAlg AlgorithmIdentifier OPTIONAL, iterationCount Int32 OPTIONAL, otp-value OCTET STRING OPTIONAL, otp-challenge [0 ] OCTET STRING OPTIONAL, otp-time KerberosTime OPTIONAL, otp-counter [1 ] OCTET STRING OPTIONAL, otp-format [2 ] OTPFormat OPTIONAL, otp-keyID [3 ] OCTET STRING OPTIONAL, otp-algID AnyURI OPTIONAL, ... } You can see above, all elements are not tagged and this is the same case with all structures. Not using tags might cause ambiguity? Thanks, Srini ------=_NextPart_000_0049_01C9F34F.0665CA70 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
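Added example (not part of the original messages, and not code from the draft or from any Kerberos implementation): a small DER decoder over a reduced form of the PA-OTP-REQUEST structure quoted in the message above, showing why OPTIONAL fields of the same type need distinct tags. The field subset, the all-untagged variant, the use of IMPLICIT context tags and every function name are assumptions made for the illustration.

```python
"""Constructed example: tag ambiguity in a SEQUENCE with OPTIONAL OCTET STRINGs."""

OCTET_STRING = 0x04
SEQUENCE = 0x30

# Reduced schema: only the OCTET STRING fields of the quoted structure.
# Each entry is (name, tag byte, optional). Context tags [n] are ASSUMED
# to be IMPLICIT here, so [n] OCTET STRING is encoded with tag 0x80 | n.
DRAFT_STYLE = [
    ("nonce", OCTET_STRING, False),
    ("otp-value", OCTET_STRING, True),
    ("otp-challenge", 0x80, True),
    ("otp-counter", 0x81, True),
    ("otp-keyID", 0x83, True),
]
# Hypothetical variant with every context tag removed.
UNTAGGED = [(name, OCTET_STRING, opt) for name, _, opt in DRAFT_STYLE]


def encode_tlv(tag, value):
    """Encode one DER TLV with a single-byte tag."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def parse_tlvs(data):
    """Split a buffer into (tag, value) pairs, rejecting malformed DER."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, first = data[i], data[i + 1]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are not handled here")
        i += 2
        if first < 0x80:
            n = first
        else:
            k = first & 0x7F
            if k == 0 or i + k > len(data):
                raise ValueError("indefinite or truncated length")
            n = int.from_bytes(data[i:i + k], "big")
            if n < 0x80 or data[i] == 0:
                raise ValueError("non-minimal DER length")
            i += k
        if i + n > len(data):
            raise ValueError("value overruns buffer")
        out.append((tag, data[i:i + n]))
        i += n
    return out


def encode_request(schema, values):
    """Encode the present fields in schema order inside a SEQUENCE."""
    body = b""
    for name, tag, optional in schema:
        if name in values:
            body += encode_tlv(tag, values[name])
        elif not optional:
            raise ValueError(f"missing mandatory field {name}")
    return encode_tlv(SEQUENCE, body)


def decode_request(schema, der):
    """Assign each element to the next schema field whose tag matches."""
    outer = parse_tlvs(der)
    if len(outer) != 1 or outer[0][0] != SEQUENCE:
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = {}, 0
    for tag, value in parse_tlvs(outer[0][1]):
        while pos < len(schema) and schema[pos][1] != tag:
            if not schema[pos][2]:
                raise ValueError(f"missing mandatory field {schema[pos][0]}")
            pos += 1
        if pos == len(schema):
            raise ValueError(f"unexpected element with tag 0x{tag:02x}")
        fields[schema[pos][0]] = value
        pos += 1
    for name, _, optional in schema[pos:]:
        if not optional:
            raise ValueError(f"missing mandatory field {name}")
    return fields


def tag_collisions(schema):
    """List (earlier, later) field pairs a decoder cannot tell apart: an
    OPTIONAL field sharing its tag with a field that may follow it directly."""
    clashes = []
    for i, (name, tag, optional) in enumerate(schema):
        if not optional:
            continue
        for later_name, later_tag, later_optional in schema[i + 1:]:
            if later_tag == tag:
                clashes.append((name, later_name))
            if not later_optional:
                break
    return clashes
```

With the untagged variant, a request carrying only otp-counter and one carrying only otp-keyID encode to the same bytes, and the decoder reports the value as otp-value; with the context tags each field round-trips.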

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 22 04:00:08 2009
From: "Srinivas Cheruku"
Date: Mon, 22 Jun 2009 16:29:37 +0530
Subject: [Ietf-krb-wg] OTP draft - PIN change service
Message-ID: <4a3f643e.0702d00a.6e59.210f@mx.google.com>

Hi,

From OTP draft,

   In the user is required to change their PIN then it is recommended
   that user PIN change be handled by a PIN-change service supporting
   the ChangePasswdData in a AP-REQ as described in [RFC3244].

Just saying as above will not suffice, as there are issues which need to be addressed for PIN change service:

    1) A standard port needs to be defined for the PIN change service or at least a way for the current RFC3244 password change service to distinguish between PIN and Kerberos password changes

    2) The PIN change service would need a way of telling which token of the user is having its PIN change

    3) Related to issue 2, the PIN change service would need to be able to determine which OTP-server is handling the token (Multiple OTP servers can be used in an organization).

Thanks,
Srini

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 22 14:37:36 2009
From: Tom Yu
To: "Srinivas Cheruku"
Cc: ietf-krb-wg@anl.gov
Date: Mon, 22 Jun 2009 17:37:41 -0400
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
In-Reply-To: <4a3f5776.0707d00a.64d5.0793@mx.google.com>

"Srinivas Cheruku" writes:

> Do you think it is better to use tagging for all elements, so that the OTP
> structures are consistent with the Kerberos structures?
>
> I feel it is better to tag all elements as the decoder can get the element
> with the required tag number if necessary from the ASN data. Any opinions?

I support following the existing tagging style of RFC 1510, despite its disadvantages.

Context-specific tagging (the sort of ASN.1 tags applied by using notation such as "[0]" in front of a type name) is not strictly necessary unless there would be ambiguity resulting from the existing tag of the type that it modifies. One example would be two consecutive optional fields of a structure having the same type.

It is possible to use the absolute minimum amount of tagging required by the rules of ASN.1. While using context-specific tags in places where they are not strictly required introduces some inefficiency to the encoding, I believe it is useful to follow the tagging style established by earlier Kerberos protocol standards such as RFC 1510.

Among other things, some implementations, including MIT's, will have an easier time supporting ASN.1 types that have full tagging of their components.

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 23 04:24:50 2009
From: Sam Hartman
To: "Srinivas Cheruku"
Cc: ietf-krb-wg@anl.gov
Date: Tue, 23 Jun 2009 07:24:56 -0400
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
In-Reply-To: <4a3f5014.1818d00a.41d9.125a@mx.google.com>

>>>>> "Srinivas" == Srinivas Cheruku writes:

    Srinivas> Hi, The tag numbers for all elements in the OTP ASN.1
    Srinivas> structure like PA-OTP-REQUEST are missing, whereas
    Srinivas> Kerberos structures use tags for all elements.

While these tags are not required by the ASN.1 spec, at least for some Kerberos implementations it would be far easier to implement ASN.1 that followed the Kerberos style.

OTOH, it is late in the process for this sort of change.

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 23 04:35:28 2009
From: "Srinivas Cheruku"
To: "'Sam Hartman'"
Cc: ietf-krb-wg@anl.gov
Date: Tue, 23 Jun 2009 17:04:59 +0530
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
Message-ID: <4a40be08.1c07d00a.6e0b.035a@mx.google.com>
In-Reply-To:

>>>>> Sam Hartman [mailto:hartmans-ietf@mit.edu] writes:

>While these tags are not required by the ASN.1 spec, at least for some
>Kerberos implementations it would be far easier to implement ASN.1
>that followed the Kerberos style.

>OTOH, it is late in the process for this sort of change.

I think Gareth can change the draft and I don't think it is too late.

Thanks,
Srini

From news@americanfocus.com Tue Jun 23 07:00:59 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 848F828C35E for ; Tue, 23 Jun 2009 07:00:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 3.433 X-Spam-Level: *** X-Spam-Status: No, score=3.433 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HELO_EQ_DYNAMIC=1.144, HELO_EQ_IP_ADDR=1.119, HELO_MISMATCH_BR=2.4, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, SARE_UNI=0.591, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hVBP6XU+jyp7 for ; Tue, 23 Jun 2009 
07:00:52 -0700 (PDT) Received: from 189.115.245.78.dynamic.adsl.gvt.net.br (unknown [189.115.152.212]) by core3.amsl.com (Postfix) with SMTP id 3549628C35F for ; Tue, 23 Jun 2009 07:00:48 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: BestBuy.com Deal of the Day From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090623140051.3549628C35F@core3.amsl.com> Date: Tue, 23 Jun 2009 07:00:48 -0700 (PDT)
From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 26 05:54:44 2009
From: Sam Hartman
To: Jeffrey Hutzelman
Cc: ietf-krb-wg@anl.gov
Date: Fri, 26 Jun 2009 08:52:15 -0400
In-Reply-To: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> (Jeffrey Hutzelman's message of "Fri, 12 Jun 2009 12:24:18 -0400")
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12

I'm running a bit behind, but I hope to have a version of the
preauthentication framework draft responsive to last call comments
received (and to the discussion of those comments) ready before the
Stockholm draft cutoff.

From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 26 08:32:31 2009
From: "Jeffrey Hutzelman"
Cc: ietf-krb-wg@anl.gov
Date: 26 Jun 2009 11:32:00 -0400
Message-ID: <3328860735.3538103@smtp.srv.cs.cmu.edu>
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12

Great. I haven't done my review yet, but will try to do so this weekend.

-----Original Message-----
From: Sam Hartman
Date: Friday, Jun 26, 2009 8:52 am
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12
To: Jeffrey Hutzelman
CC: ietf-krb-wg@anl.gov

I'm running a bit behind, but I hope to have a version of the
>preauthentication framework draft responsive to last call comments
>received (and to the discussion of those comments) ready before the
>Stockholm draft cutoff.

From ietf-krb-wg-bounces@lists.anl.gov Fri Jun 26 21:29:12 2009
From: Tom Yu
To: Jeffrey Hutzelman
Cc: ietf-krb-wg@anl.gov
Date: Sat, 27 Jun 2009 00:29:03 -0400
In-Reply-To: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> (Jeffrey Hutzelman's message of "Fri, 12 Jun 2009 12:24:18 -0400")
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12

Sorry, still catching up on stuff; others have already made comments
similar to what I would have written.

In Appendix A, we should note that single-DES random-to-key is
"distribute 56 bits into high-7-bits of 8 octets and generate parity",
analogous to what the single-DES string-to-key does.

Should this document state that it updates RFC 3961 and RFC 3962? Or
are we going to separately publish errata for those?

I'm not sure what Greg's observation about the "->" notation in
Section 6.1 is. Perhaps using notation such as

    KRB-FX-CF1: (UTF-8 string, UTF-8 string) -> (UTF-8 string)
    KRB-FX-CF(x, y) = x || y

    KRB-FX-CF2: (protocol key, protocol key, octet string, octet string)
        -> (protocol key)
    octet-string-1 = PRF+(K1, pepper1)
    octet-string-2 = PRF+(K2, pepper2)
    KRB-FX-CF2(K1, K2, pepper1, pepper2) =
        random-to-key(octet-string-1 ^ octet-string-2)

using the usual

    f: domain -> codomain
    f(x) = y

mathematical notation is better, making a distinction between
right-arrow and equals.
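
Added example, not part of Tom Yu's message or of the draft: a Python rendering of the single-DES random-to-key wording quoted above ("distribute 56 bits into high-7-bits of 8 octets and generate parity") and of the last step of the KRB-FX-CF2 notation. Assumptions: the 56 bits are taken as consecutive 7-bit groups, most significant first; the parity is DES odd parity; the function names and sample octet strings are made up for illustration; PRF+ is not implemented, and weak-key handling is outside what the message describes.

```python
"""Single-DES random-to-key as worded in the message above (added example).

Assumptions (not stated on the page): the 56 input bits are consumed as
consecutive 7-bit groups, most significant bit first, and each output octet
carries DES odd parity in its low bit. Weak-key correction is not covered.
"""

SEED_BITS = 56  # 56 bits of key material expand to 8 octets of 7 + 1 bits


def odd_parity_octet(seven_bits: int) -> int:
    """Put 7 key bits in the high bits of an octet; low bit makes parity odd."""
    if not 0 <= seven_bits < 0x80:
        raise ValueError("expected a 7-bit value")
    ones = bin(seven_bits).count("1")
    parity_bit = 0 if ones % 2 == 1 else 1
    return (seven_bits << 1) | parity_bit


def des_random_to_key(seed: bytes) -> bytes:
    """Distribute 56 bits into the high 7 bits of 8 octets and add parity."""
    if len(seed) * 8 != SEED_BITS:
        raise ValueError("single-DES random-to-key needs exactly 56 bits")
    value = int.from_bytes(seed, "big")
    octets = []
    for i in range(8):
        shift = SEED_BITS - 7 * (i + 1)  # 49, 42, ..., 0
        octets.append(odd_parity_octet((value >> shift) & 0x7F))
    return bytes(octets)


def has_odd_parity(key: bytes) -> bool:
    """Check that every octet of a DES key has an odd number of set bits."""
    return all(bin(octet).count("1") % 2 == 1 for octet in key)


def key_bits(key: bytes) -> bytes:
    """Recover the 56 key bits from an 8-octet key by dropping parity bits."""
    value = 0
    for octet in key:
        value = (value << 7) | (octet >> 1)
    return value.to_bytes(7, "big")


def xor_octets(a: bytes, b: bytes) -> bytes:
    """Octet-wise XOR; the two inputs must be the same length."""
    if len(a) != len(b):
        raise ValueError("octet strings must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def cf2_final_step(octet_string_1: bytes, octet_string_2: bytes) -> bytes:
    """random-to-key(octet-string-1 ^ octet-string-2) from the notation above.

    The two octet strings stand in for PRF+(K1, pepper1) and
    PRF+(K2, pepper2); here they are constructed sample values.
    """
    return des_random_to_key(xor_octets(octet_string_1, octet_string_2))


if __name__ == "__main__":
    # Constructed sample inputs, 56 bits each.
    os1 = bytes.fromhex("0123456789abcd")
    os2 = bytes.fromhex("00000000000001")
    print(des_random_to_key(os1).hex())
    print(cf2_final_step(os1, os2).hex())
```

Dropping the parity bits with `key_bits` returns the original 56 bits, which is a quick check that two implementations agree on the bit order assumed here.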
_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Sat Jun 27 09:33:03 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DAC853A6CC1 for ; Sat, 27 Jun 2009 09:33:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.602 X-Spam-Level: X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[AWL=-0.003, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DoV4AUcKzTSY for ; Sat, 27 Jun 2009 09:33:03 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id ED0223A6C9F for ; Sat, 27 Jun 2009 09:33:02 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id BADF57A; Sat, 27 Jun 2009 11:33:21 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 584B23A; Sat, 27 Jun 2009 11:33:17 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 2584E80E07; Sat, 27 Jun 2009 11:33:17 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 75EFF80E05 for ; Sat, 27 Jun 2009 11:33:15 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 6E5CD38; Sat, 27 Jun 2009 11:33:15 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 6AF633A for ; Sat, 27 
Jun 2009 11:33:15 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 6569D38 for ; Sat, 27 Jun 2009 11:33:15 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 297B37CC086; Sat, 27 Jun 2009 11:33:15 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20926-09; Sat, 27 Jun 2009 11:33:15 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 10C247CC05D for ; Sat, 27 Jun 2009 11:33:14 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: As8DAF7mRUpT8bEngWdsb2JhbACBUZctAQEWJLUihA0FgTeHSQ X-IronPort-AV: E=Sophos;i="4.42,301,1243832400"; d="scan'208";a="28468083" Received: from yxa-v.extundo.com ([83.241.177.39]) by mailgateway.anl.gov with ESMTP; 27 Jun 2009 11:33:14 -0500 Received: from mocca.josefsson.org (c80-216-27-182.bredband.comhem.se [80.216.27.182]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5RGX9C5022122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 27 Jun 2009 18:33:11 +0200 From: Simon Josefsson To: Jeffrey Hutzelman References: <87k559lrbg.fsf@mocca.josefsson.org> <5700B535F0978C875F6D48E9@atlantis.pc.cs.cmu.edu> <87my8yc0lb.fsf@mocca.josefsson.org> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090627:jhutz@cmu.edu::LZGH1WuS7eAfHNGs:3gQ4 X-Hashcash: 1:22:090627:ietf-krb-wg@anl.gov::2aSprvuqXZbAnMEW:R47G Date: Sat, 27 Jun 2009 18:33:09 +0200 In-Reply-To: <87my8yc0lb.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Wed, 27 May 2009 12:16:32 +0200") Message-ID: <871vp5ljqy.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.95 (gnu/linux) MIME-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov 
Cc: ietf-krb-wg@anl.gov Subject: Re: [Ietf-krb-wg] IETF74 krb-wg minutes X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Simon Josefsson writes: > Jeffrey Hutzelman writes: > >> --On Friday, April 24, 2009 01:43:32 PM -0700 Larry Zhu >> wrote: >> >>> That part of the minutes was taken verbatim from Jeff's note. I will >>> double check the notes and Shawn's scribe and post an update as >>> necessary. Thanks, >> >> My notes were intended as notes to myself on points that might require >> some followup by me, and while many of the items in those notes >> correspond directly to things that happened in the meeting, not all >> do. >> >> The item in question refers to a proposal I intended to make on this >> list, which I haven't yet had time to do and which was not discussed >> in the meeting. The core of that proposal was to take the starttls >> document as it stood at the time of the meeting, modulo the outcome of >> the certificate validation discussion which was still going on at that >> point. > > Any update on this? > > It would be useful to clarify if you believe there has been some change > in the IETF 73 suggestion to move both krb5starttls and FAST forward as > experimental. Chairs, I would appreciate your reply on this. 
/Simon _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Sat Jun 27 09:43:00 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BAF4D3A6CD5 for ; Sat, 27 Jun 2009 09:43:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.557 X-Spam-Level: X-Spam-Status: No, score=-102.557 tagged_above=-999 required=5 tests=[AWL=0.042, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-sdN3gJ0ZE0 for ; Sat, 27 Jun 2009 09:42:59 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 7E9F53A68A0 for ; Sat, 27 Jun 2009 09:42:59 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id F15757C; Sat, 27 Jun 2009 11:43:17 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D4F5B50; Sat, 27 Jun 2009 11:43:16 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id AD6ED80E07; Sat, 27 Jun 2009 11:43:16 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 6782280E05 for ; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 582DD38; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) 
with ESMTP id 5379F50 for ; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 4D5EA38 for ; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 372317CC086; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21384-02; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 1C7E57CC05D for ; Sat, 27 Jun 2009 11:43:14 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AikAALboRUqDa3PWkWdsb2JhbACYfgEBAQEJCwoHEwadd5cYhA0FgTeCGYUw X-IronPort-AV: E=Sophos;i="4.42,301,1243832400"; d="scan'208";a="28468232" Received: from mailc.microsoft.com (HELO smtp.microsoft.com) ([131.107.115.214]) by mailgateway.anl.gov with ESMTP; 27 Jun 2009 11:43:13 -0500 Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (157.54.79.174) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.99.4; Sat, 27 Jun 2009 09:43:12 -0700 Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14MLTC103.redmond.corp.microsoft.com (157.54.79.174) with Microsoft SMTP Server id 14.0.601.1; Sat, 27 Jun 2009 09:43:12 -0700 Received: from TK5EX14MBXW651.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.90]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Sat, 27 Jun 2009 09:43:12 -0700 From: Larry Zhu To: Simon Josefsson , Jeffrey Hutzelman Thread-Topic: [Ietf-krb-wg] IETF74 krb-wg minutes Thread-Index: AQHJ90UT4m4lCktwEkiOB0OE9Nyp85Bani5D Date: Sat, 27 Jun 2009 16:43:12 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: 
X-MS-TNEF-Correlator:
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov"
Subject: Re: [Ietf-krb-wg] IETF74 krb-wg minutes
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

I will look into this.

Sent from my Windows Mobile® phone.

-----Original Message-----
From: Simon Josefsson
Sent: Saturday, June 27, 2009 9:34 AM
To: Jeffrey Hutzelman
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] IETF74 krb-wg minutes

Simon Josefsson writes:

> Jeffrey Hutzelman writes:
>
>> --On Friday, April 24, 2009 01:43:32 PM -0700 Larry Zhu
>> wrote:
>>
>>> That part of the minutes was taken verbatim from Jeff's note. I will
>>> double check the notes and Shawn's scribe and post an update as
>>> necessary. Thanks,
>>
>> My notes were intended as notes to myself on points that might require
>> some followup by me, and while many of the items in those notes
>> correspond directly to things that happened in the meeting, not all
>> do.
>>
>> The item in question refers to a proposal I intended to make on this
>> list, which I haven't yet had time to do and which was not discussed
>> in the meeting. The core of that proposal was to take the starttls
>> document as it stood at the time of the meeting, modulo the outcome of
>> the certificate validation discussion which was still going on at that
>> point.
>
> Any update on this?
>
> It would be useful to clarify if you believe there has been some change
> in the IETF 73 suggestion to move both krb5starttls and FAST forward as
> experimental.

Chairs, I would appreciate your reply on this.

/Simon _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Sat Jun 27 10:30:25 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2063828C218 for ; Sat, 27 Jun 2009 10:30:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pAkhRIonofdf for ; Sat, 27 Jun 2009 10:30:23 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id B8C9F28C216 for ; Sat, 27 Jun 2009 10:30:22 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id DA89F78; Sat, 27 Jun 2009 12:30:41 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 8809D48; Sat, 27 Jun 2009 12:30:41 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 517B180E08; Sat, 27 Jun 2009 12:30:41 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 7DAEF80E07 for ; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 6C59C3A; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) Delivered-To: 
ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 673B548 for ; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 608E73A for ; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 422C17CC115; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23058-05; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 2B0417CC061 for ; Sat, 27 Jun 2009 12:30:39 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvoAAG/0RUoSBwdQk2dsb2JhbACYfgEBAQEJCQoJEwWlZoZKiE2EDQWBN4dJ X-IronPort-AV: E=Sophos;i="4.42,301,1243832400"; d="scan'208";a="28468757" Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by mailgateway.anl.gov with ESMTP; 27 Jun 2009 12:30:38 -0500 Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id n5RHUao3021648; Sat, 27 Jun 2009 13:30:37 -0400 (EDT) Received: from [10.0.0.100] (c-66-30-116-197.hsd1.ma.comcast.net [66.30.116.197]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id n5RHUZSv003016 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 27 Jun 2009 13:30:36 -0400 (EDT) From: Greg Hudson To: Tom Yu In-Reply-To: References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> Date: Sat, 27 Jun 2009 13:30:35 -0400 Message-Id: <1246123835.6259.120.camel@ray> Mime-Version: 1.0 X-Mailer: Evolution 2.26.1 X-Scanned-By: MIMEDefang 2.42 X-Virus-Scanned: Debian amavisd-new at 
frigga.it.anl.gov
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

On Sat, 2009-06-27 at 00:29 -0400, Tom Yu wrote:
> I'm not sure what Greg's observation about the "->" notation in
> Section 6.1 is. Perhaps using notation such as

The text is:

    KRB-FX-CF2(protocol key, protocol key, octet string, octet string) -> (protocol key)
    PRF+(K1, pepper1) -> octet-string-1
    PRF+(K2, pepper2) -> octet-string-2
    KRB-FX-CF2(K1, K2, pepper1, pepper2) -> random-to-key(octet-string-1 ^ octet-string-2)

So, in the first line we have a signature and the remaining lines are a
definition. I am okay with the overloading of "->" there, although I am
also fine with using different notation as Tom suggests.

However, in the definition itself, -> is also used inconsistently. In
the middle two lines, we have "assign the value of the left-hand
expression to the variable name on the right" and in the last line, we
have "define the function KRB-FX-CF2 with these arguments to be the value
of the expression on the right".

So in four lines, we use -> to mean three very different things. It is
only from context that the meaning is made clear.

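Read as code, the four lines quoted in the message above separate into a signature, two local bindings and a return value. The following is an added example, not code from the draft or from any participant on the list. Assumptions: HMAC-SHA-256 (`stand_in_pseudo_random`) replaces the enctype's RFC 3961 pseudo-random function, `random_to_key` is the identity as for the AES enctypes of RFC 3962, PRF+ uses a one-octet counter starting at 1, and the seed length is 32 octets.

```python
import hashlib
import hmac

# Constructed sample keys, not test vectors from any specification.
K1 = bytes(range(32))
K2 = bytes(range(32, 64))


def stand_in_pseudo_random(key: bytes, data: bytes) -> bytes:
    """ASSUMPTION: HMAC-SHA-256 stands in for the enctype's pseudo-random
    function, so the output does not interoperate with a real KDC."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, shared_info: bytes, nbytes: int,
             pseudo_random=stand_in_pseudo_random) -> bytes:
    """PRF+(key, shared-info) -> octet string of exactly nbytes.

    ASSUMPTION: blocks are pseudo-random(key, counter || shared-info) with a
    one-octet counter 1, 2, 3, ..., concatenated and cut at the tail.
    """
    if nbytes <= 0:
        raise ValueError("nbytes must be positive")
    out = bytearray()
    counter = 1
    while len(out) < nbytes:
        if counter > 255:
            raise ValueError("one-octet counter exhausted")
        out += pseudo_random(key, bytes([counter]) + shared_info)
        counter += 1
    return bytes(out[:nbytes])


def random_to_key(seed: bytes) -> bytes:
    """ASSUMPTION: identity mapping; other enctypes define their own."""
    return seed


def krb_fx_cf2(k1: bytes, k2: bytes, pepper1: bytes, pepper2: bytes,
               seed_len: int = 32) -> bytes:
    # Line 1 of the quoted text is this signature:
    #   (protocol key, protocol key, octet string, octet string) -> protocol key
    # Lines 2 and 3 bind intermediate names.
    octet_string_1 = prf_plus(k1, pepper1, seed_len)
    octet_string_2 = prf_plus(k2, pepper2, seed_len)
    # Line 4 defines the value of the function; "^" is octet-wise XOR.
    mixed = bytes(a ^ b for a, b in zip(octet_string_1, octet_string_2))
    return random_to_key(mixed)
```

Because the two PRF+ outputs are combined with XOR, passing the same key and the same pepper on both sides cancels to an all-zero seed, so the two (key, pepper) pairs must differ.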
_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Sat Jun 27 12:46:00 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 40C6B3A69D9 for ; Sat, 27 Jun 2009 12:46:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cgr4cJ4mtaMG for ; Sat, 27 Jun 2009 12:45:59 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 4D0B43A68F9 for ; Sat, 27 Jun 2009 12:45:59 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 868907B; Sat, 27 Jun 2009 14:46:18 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id C1A1878; Sat, 27 Jun 2009 14:46:15 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 3ECE280E08; Sat, 27 Jun 2009 14:46:15 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 5C8CD80E07 for ; Sat, 27 Jun 2009 14:46:13 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 4D0F138; Sat, 27 Jun 2009 14:46:13 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 47DAB50 for ; Sat, 27 Jun 2009 
14:46:13 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 40D8B38 for ; Sat, 27 Jun 2009 14:46:13 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 23EF87CC0C4; Sat, 27 Jun 2009 14:46:13 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28673-10; Sat, 27 Jun 2009 14:46:13 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 09D1E7CC087 for ; Sat, 27 Jun 2009 14:46:13 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvoAABIURkoSBwdQk2dsb2JhbACYfgEBAQEJCQoJEwWlH4Y3iE2EDQU X-IronPort-AV: E=Sophos;i="4.42,301,1243832400"; d="scan'208";a="28471859" Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by mailgateway.anl.gov with ESMTP; 27 Jun 2009 14:46:12 -0500 Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id n5RJkA8q001021; Sat, 27 Jun 2009 15:46:11 -0400 (EDT) Received: from [10.0.0.172] (c-24-34-91-35.hsd1.ma.comcast.net [24.34.91.35]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id n5RJkAkO011727 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sat, 27 Jun 2009 15:46:10 -0400 (EDT) Message-Id: <79DF8EE8-9706-4F4D-8EE6-121E9CF9A35D@mit.edu> From: Ken Raeburn To: Kerberos Working Group In-Reply-To: Mime-Version: 1.0 (Apple Message framework v935.3) Date: Sat, 27 Jun 2009 15:46:10 -0400 References: <8B286FBC24EFFF4C7CE1AEC4@atlantis.pc.cs.cmu.edu> X-Mailer: Apple Mail (2.935.3) X-Scanned-By: MIMEDefang 2.42 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Subject: Re: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-preauth-framework-12 X-BeenThere: 
ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

On Jun 27, 2009, at 00:29, Tom Yu wrote:
> Should this document state that it updates RFC 3961 and RFC 3962? Or
> are we going to separately publish errata for those?

For correcting errors, I think errata make more sense.

Ken
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 29 04:29:43 2009
Return-Path:
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9CD8A3A6AC9 for ; Mon, 29 Jun 2009 04:29:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Mi9PY7ZXDJa for ; Mon, 29 Jun 2009 04:29:42 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 79E6D3A6ADB for ; Mon, 29 Jun 2009 04:29:42 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id C2C8F12; Mon, 29 Jun 2009 06:30:02 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 31F2353; Mon, 29 Jun 2009 06:29:58 -0500 (CDT)
Received: from
katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D16A280E07; Mon, 29 Jun 2009 06:29:58 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E9E3580E05 for ; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id D760112; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id CDB2D54 for ; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) Received: from mailrelay-bak.anl.gov (mailrelay-bak.anl.gov [130.202.101.24]) by mailhost.anl.gov (Postfix) with ESMTP id B5CC712 for ; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 9A3385A00A5; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) Received: from mailrelay-bak.anl.gov ([127.0.0.1]) by localhost (mailrelay-bak.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22094-06-18; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2-bak.anl.gov (Postfix) with ESMTP id 2C16B5A009D for ; Mon, 29 Jun 2009 06:29:56 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AsYBAB9CSErRVd7FkWdsb2JhbACCVJVrPwEBAQEJCQwHEaMegRqNOgEDAgSECQU X-IronPort-AV: E=Sophos;i="4.42,309,1243832400"; d="scan'208,217";a="28492768" Received: from mail-pz0-f197.google.com ([209.85.222.197]) by mailgateway.anl.gov with ESMTP; 29 Jun 2009 06:29:23 -0500 Received: by pzk35 with SMTP id 35so81260pzk.3 for ; Mon, 29 Jun 2009 04:29:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:cc:subject:date :message-id:mime-version:content-type:x-mailer:thread-index 
:content-language; bh=Wfeeto3SI5inHAdVD/gZqrvDIw1boK53dlvOj7Toafg=; b=S0iREU7LACH5LhZK/moJ+L+Vu2Pvi7fgCKaPgkXLF69GifZWWDIIPPv/ebpWLNosll FAbaFTZH355QyrE9KV0VYjaer/naodTHwy0RUyopT83kTufw+VcwRwHEYot27JGSLjTj 0G1FWGyzrwQ5WSMgrTdNdr+v77FK5gAGhrqCk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:mime-version:content-type :x-mailer:thread-index:content-language; b=moOnCbAoaxgat9icbKTg+66l3Lvk6vuHjZZHqsXgnMr6cAm0qNCOYk07h83gHcEPja p5LseqRvkfV3bGml3swDTh29B3HKMNc4UjGJZZ6JRMkJ+7k47U9Uh9dAC1x0XYJZWCSh cT72jFmeMV1up0osoYTO8VpWNMvo0/gilOw/U= Received: by 10.142.82.6 with SMTP id f6mr1847536wfb.182.1246274963477; Mon, 29 Jun 2009 04:29:23 -0700 (PDT) Received: from vistascheruku ([122.166.4.6]) by mx.google.com with ESMTPS id b39sm19534838rvf.6.2009.06.29.04.29.19 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 29 Jun 2009 04:29:22 -0700 (PDT) From: "Srinivas Cheruku" To: Date: Mon, 29 Jun 2009 16:58:45 +0530 Message-ID: <4a48a592.27b38c0a.7762.ffff9cc1@mx.google.com> MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook 12.0 thread-index: Acn4rMM4KDXD56HPQnGfWxH1KsqDwQ== Content-Language: en-in X-Virus-Scanned: Debian amavisd-new at odin.it.anl.gov Subject: [Ietf-krb-wg] OTP - KerberosFlags X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.11 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============5853921255655204960==" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov This is a multi-part message in MIME format. --===============5853921255655204960== Content-Type: multipart/alternative; boundary="----=_NextPart_000_00C4_01C9F8DA.E15F7BE0" Content-Language: en-in This is a multi-part message in MIME format. 
------=_NextPart_000_00C4_01C9F8DA.E15F7BE0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi,

OTP draft uses KerberosFlags as follows:

   OTPFlags ::= KerberosFlags
   -- nextOTP (0)
   -- combine (1)

In RFC 1510/4120, bit 0 is reserved and not used. Is there any good reason for not using bit 0?

e.g.

   TicketFlags     ::= KerberosFlags
           -- reserved(0),
           -- forwardable(1),
           -- forwarded(2),
   ...

   KDCOptions      ::= KerberosFlags
           -- reserved(0),
           -- forwardable(1),
   ...

   APOptions       ::= KerberosFlags
           -- reserved(0),
           -- use-session-key(1),
   ...

Thanks,
Srini

------=_NextPart_000_00C4_01C9F8DA.E15F7BE0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

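How the bit numbers in the question above land on the wire, as an added example that is not part of the original post or of the OTP draft: in RFC 4120, KerberosFlags is a BIT STRING of at least 32 bits, and bit 0 is the most significant bit of the first content octet. The function names and lookup tables are hypothetical; the tables hold only the bit numbers quoted in the message.

```python
MIN_BITS = 32          # RFC 4120: KerberosFlags ::= BIT STRING (SIZE (32..MAX))
BIT_STRING_TAG = 0x03  # universal, primitive BIT STRING

# Bit numbers exactly as quoted in the message; nothing beyond them is filled in.
OTP_FLAGS = {0: "nextOTP", 1: "combine"}
TICKET_FLAGS = {0: "reserved", 1: "forwardable", 2: "forwarded"}
AP_OPTIONS = {0: "reserved", 1: "use-session-key"}


def encode_flags(set_bits, nbits=MIN_BITS):
    """Return the DER BIT STRING (tag, length, value) with the given bits set."""
    if nbits < MIN_BITS:
        raise ValueError("KerberosFlags carries at least 32 bits")
    nbytes = (nbits + 7) // 8
    body = bytearray(nbytes)
    for bit in set_bits:
        if not 0 <= bit < nbits:
            raise ValueError("bit number out of range: %r" % (bit,))
        # Bit 0 is the most significant bit of the first content octet.
        body[bit // 8] |= 0x80 >> (bit % 8)
    unused = nbytes * 8 - nbits
    content = bytes([unused]) + bytes(body)
    if len(content) > 127:
        raise ValueError("only short-form lengths are handled in this example")
    return bytes([BIT_STRING_TAG, len(content)]) + content


def decode_flags(der):
    """Validate a DER BIT STRING and return the sorted list of set bit numbers."""
    if len(der) < 3 or der[0] != BIT_STRING_TAG:
        raise ValueError("not a primitive BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits octet")
    nbits = len(body) * 8 - unused
    if nbits < MIN_BITS:
        raise ValueError("fewer than 32 bits")
    if unused and body[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits must be zero")
    return [i for i in range(nbits) if body[i // 8] & (0x80 >> (i % 8))]


def describe(der, names):
    """Map the set bits of an encoded value to names from one of the tables."""
    return [names.get(bit, "bit %d" % bit) for bit in decode_flags(der)]
```

The same octets `03 05 00 80 00 00 00` read as `nextOTP` under the OTP table and as `reserved` under the TicketFlags table, which is the difference the question is about.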

------=_NextPart_000_00C4_01C9F8DA.E15F7BE0-- --===============5853921255655204960== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg --===============5853921255655204960==-- From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 29 04:33:19 2009 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1BFFF3A6D9C for ; Mon, 29 Jun 2009 04:33:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SzwuGKxAO8C6 for ; Mon, 29 Jun 2009 04:33:18 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 195A93A6D97 for ; Mon, 29 Jun 2009 04:33:18 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 37DE866; Mon, 29 Jun 2009 06:33:38 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 0A1484B; Mon, 29 Jun 2009 06:33:37 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id DFD2780E07; Mon, 29 Jun 2009 06:33:37 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 6BEA980E05 for ; Mon, 29 Jun 2009 06:33:36 -0500 (CDT) Received: by 
mailhost.anl.gov (Postfix) id 662E945; Mon, 29 Jun 2009 06:33:36 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 6166B4B for ; Mon, 29 Jun 2009 06:33:36 -0500 (CDT) Received: from mailrelay-bak.anl.gov (mailrelay-bak.anl.gov [130.202.101.24]) by mailhost.anl.gov (Postfix) with ESMTP id 5B05C45 for ; Mon, 29 Jun 2009 06:33:36 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 3A0865A00A0; Mon, 29 Jun 2009 06:33:36 -0500 (CDT) Received: from mailrelay-bak.anl.gov ([127.0.0.1]) by localhost (mailrelay-bak.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22695-02; Mon, 29 Jun 2009 06:33:36 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2-bak.anl.gov (Postfix) with ESMTP id 1D7485A009F for ; Mon, 29 Jun 2009 06:33:35 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArAAAExDSEqA3iAUkWdsb2JhbACXeoEEAQEBAQkLCgcTBbF0hA0FiQA X-IronPort-AV: E=Sophos;i="4.42,309,1243832400"; d="scan'208";a="28492840" Received: from mexforward.lss.emc.com ([128.222.32.20]) by mailgateway.anl.gov with ESMTP; 29 Jun 2009 06:32:49 -0500 Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.3.2/Switch-3.1.7) with ESMTP id n5TBWmNf024891 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 29 Jun 2009 07:32:48 -0400 Received: from mailhub.lss.emc.com (numailhub.lss.emc.com [10.254.144.16]) by hop04-l1d11-si01.isus.emc.com (Tablus Interceptor); Mon, 29 Jun 2009 07:32:41 -0400 Received: from corpussmtp1.corp.emc.com (corpussmtp1.corp.emc.com [128.221.10.43]) by mailhub.lss.emc.com (Switch-3.3.2/Switch-3.3.2) with ESMTP id n5TBWe09014985; Mon, 29 Jun 2009 07:32:40 -0400 Received: from CORPUSMX50A.corp.emc.com ([128.221.62.43]) by 
corpussmtp1.corp.emc.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 29 Jun 2009 07:32:40 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 29 Jun 2009 07:32:28 -0400
Message-ID: <8682B0640707834A9BC5FD0CA4C3CE2506A545EA@CORPUSMX50A.corp.emc.com>
In-Reply-To: <4a40be08.1c07d00a.6e0b.035a@mx.google.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
Thread-Index: Acnz9T1vOXn4KRzDTcKh0jF3w33HvAAAQoEAAS18YAA=
References: <4a3f5014.1818d00a.41d9.125a@mx.google.com> <4a40be08.1c07d00a.6e0b.035a@mx.google.com>
From:
To: ,
X-OriginalArrivalTime: 29 Jun 2009 11:32:40.0416 (UTC) FILETIME=[4F88B600:01C9F8AD]
X-EMM-EM: Active
X-Virus-Scanned: Debian amavisd-new at odin.it.anl.gov
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

As I mentioned in my reply, I have used tagging to resolve potential
ambiguity when there is more than one optional element of the same type.
I didn't believe that full tagging was required.

However, from Tom and Sam's replies to Srini's question, it does seem as
if full tagging would make parsing easier.

Jeff & Larry, do you think that this change is required?

--Gareth

> -----Original Message-----
> From: Srinivas Cheruku [mailto:srinivas.cheruku@gmail.com]
> Sent: 23 June 2009 12:35
> To: 'Sam Hartman'
> Cc: Richards, Gareth; ietf-krb-wg@anl.gov
> Subject: RE: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
>
>
> >>>>> Sam Hartman [mailto:hartmans-ietf@mit.edu] writes:
>
> >While these tags are not required by the ASN.1 spec, at least for some
> >Kerberos implementations it would be far easier to implement ASN.1 that
> >followed the Kerberos style.
>
> >OTOH, it is late in the process for this sort of change.
>
> I think Gareth can change the draft and I don't think it is too late.
>
> Thanks,
> Srini
>
>
>
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Mon Jun 29 09:02:40 2009
Return-Path:
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B8BBE3A6D6B for ; Mon, 29 Jun 2009 09:02:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.966
X-Spam-Level:
X-Spam-Status: No, score=-2.966 tagged_above=-999 required=5 tests=[AWL=-0.667, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DVbcJWlOTLY2 for ; Mon, 29 Jun 2009 09:02:40 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id DD2A43A6B11 for ; Mon, 29 Jun 2009 09:02:37 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id BB9335E; Mon, 29 Jun 2009 11:00:46 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 24C9E5A;
Mon, 29 Jun 2009 11:00:45 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id E24ED80E08; Mon, 29 Jun 2009 11:00:44 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id D442C80E07 for ; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id CC6905B; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id C755331 for ; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id AB1915B for ; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 945467CC0BF; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29947-08; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 2A93B7CC0C4 for ; Mon, 29 Jun 2009 11:00:42 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ah8BAJOCSEoR/g0XkWdsb2JhbACYfgEBAQEJCwoHEwW1KIQNBYNQ X-IronPort-AV: E=Sophos;i="4.42,310,1243832400"; d="scan'208";a="28503277" Received: from mail-out4.apple.com ([17.254.13.23]) by mailgateway.anl.gov with ESMTP; 29 Jun 2009 11:00:31 -0500 Received: from relay11.apple.com (relay11.apple.com [17.128.113.48]) by mail-out4.apple.com (Postfix) with ESMTP id B48646AE2C62 for ; Mon, 29 Jun 2009 09:00:30 -0700 (PDT) Received: from relay11.apple.com (unknown [127.0.0.1]) by relay11.apple.com (Symantec Brightmail Gateway) with ESMTP id 
9F1FC28081 for ; Mon, 29 Jun 2009 09:00:30 -0700 (PDT)
X-AuditID: 11807130-abce9bb0000025da-d1-4a48e51ec8fd
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay11.apple.com (Apple SCV relay) with ESMTP id 68EE52808D for ; Mon, 29 Jun 2009 09:00:30 -0700 (PDT)
MIME-version: 1.0
Received: from nutcracker.apple.com (nutcracker.apple.com [17.201.21.139]) by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0KM0005KACGU8W80@et.apple.com> for ietf-krb-wg@anl.gov; Mon, 29 Jun 2009 09:00:30 -0700 (PDT)
From: Love Hörnquist Åstrand
In-reply-to: <8682B0640707834A9BC5FD0CA4C3CE2506A545EA@CORPUSMX50A.corp.emc.com>
Date: Mon, 29 Jun 2009 09:00:30 -0700
Message-id: <316B6037-44A8-4A7B-B4E2-DB36C1379AAA@kth.se>
References: <4a3f5014.1818d00a.41d9.125a@mx.google.com> <4a40be08.1c07d00a.6e0b.035a@mx.google.com> <8682B0640707834A9BC5FD0CA4C3CE2506A545EA@CORPUSMX50A.corp.emc.com>
To: gareth.richards@rsa.com
X-Mailer: Apple Mail (2.1068)
X-Brightmail-Tracker: AAAAAA==
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: hartmans-ietf@mit.edu, ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov

I don't care which tagging you are using but prefer the full tagging
for consistency with other Kerberos documents.

Love

On 29 Jun 2009, at 04:32, gareth.richards@rsa.com wrote:

> As I mentioned in my reply, I have used tagging to resolve potential
> ambiguity when there is more than one optional element of the same
> type.
> I didn't believe that full tagging was required.
>
> However, from Tom and Sam's replies to Srini's question, it does seem as
> if full tagging would make parsing easier.
>
> Jeff & Larry, do you think that this change is required?
>
> --Gareth
>
>> -----Original Message-----
>> From: Srinivas Cheruku [mailto:srinivas.cheruku@gmail.com]
>> Sent: 23 June 2009 12:35
>> To: 'Sam Hartman'
>> Cc: Richards, Gareth; ietf-krb-wg@anl.gov
>> Subject: RE: [Ietf-krb-wg] OTP draft - full tagged ASN.1 structures
>>
>>
>>>>>>> Sam Hartman [mailto:hartmans-ietf@mit.edu] writes:
>>
>>> While these tags are not required by the ASN.1 spec, at least for some
>>> Kerberos implementations it would be far easier to implement ASN.1 that
>>> followed the Kerberos style.
>>
>>> OTOH, it is late in the process for this sort of change.
>>
>> I think Gareth can change the draft and I don't think it is too late.
>>
>> Thanks,
>> Srini
>>
>>
>>
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg@lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From johnsmithsvt@absolutefinancialgroup.net Mon Jun 29 15:34:18 2009
Return-Path:
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3CFCB3A6C40 for ; Mon, 29 Jun 2009 15:34:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.087
X-Spam-Level:
X-Spam-Status: No, score=-9.087 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6AJzPvHeMotO for ; Mon, 29 Jun 2009 15:34:11 -0700 (PDT) Received: from rrcs-24-123-38-183.central.biz.rr.com (rrcs-24-123-38-183.central.biz.rr.com [24.123.38.183]) by core3.amsl.com (Postfix) with SMTP id 185AF3A6E02 for ; Mon, 29 Jun 2009 15:33:53 -0700 (PDT) To: krb-wg-archive@lists.ietf.org Subject: Your Buy.com order #244384 From: krb-wg-archive@lists.ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090629223354.185AF3A6E02@core3.amsl.com> Date: Mon, 29 Jun 2009 15:33:53 -0700 (PDT)
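The tagging question in the "full tagged ASN.1 structures" thread, as an added example (not code from the OTP draft or from any Kerberos implementation): a SEQUENCE with two OPTIONAL UTF8String fields is encoded in DER without tags and with Kerberos-style explicit context tags. The field names `vendor` and `serial` and all sample values are hypothetical.

```python
# Added illustration: field names and sample values are constructed.
UTF8STRING, SEQUENCE = 0x0C, 0x30
FIELDS = {0xA0: "vendor", 0xA1: "serial"}  # [0] and [1], context-specific constructed

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV using the short length form (value under 128 bytes)."""
    if len(value) >= 0x80:
        raise ValueError("long-form lengths are outside this example")
    return bytes([tag, len(value)]) + value

def read_tlvs(buf: bytes) -> list:
    """Split buf into (tag, value) pairs, rejecting truncated or long-form input."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] >= 0x80:
            raise ValueError("truncated or long-form TLV")
        end = i + 2 + buf[i + 1]
        if end > len(buf):
            raise ValueError("value runs past end of buffer")
        out.append((buf[i], buf[i + 2:end]))
        i = end
    return out

def encode_untagged(vendor=None, serial=None) -> bytes:
    """SEQUENCE { vendor UTF8String OPTIONAL, serial UTF8String OPTIONAL }."""
    present = [v for v in (vendor, serial) if v is not None]
    return tlv(SEQUENCE, b"".join(tlv(UTF8STRING, v.encode()) for v in present))

def encode_tagged(vendor=None, serial=None) -> bytes:
    """Same fields, each wrapped in an explicit context tag as Kerberos does."""
    pairs = [(t, v) for t, v in zip(FIELDS, (vendor, serial)) if v is not None]
    return tlv(SEQUENCE, b"".join(tlv(t, tlv(UTF8STRING, v.encode())) for t, v in pairs))

def decode_tagged(der: bytes) -> dict:
    """Map each element to its field by tag number; enforce order and uniqueness."""
    (tag, body), = read_tlvs(der)
    if tag != SEQUENCE:
        raise ValueError("expected SEQUENCE")
    fields, last = {}, -1
    for t, wrapped in read_tlvs(body):
        if t not in FIELDS or t <= last:
            raise ValueError("unknown, repeated or out-of-order tag")
        (inner, value), = read_tlvs(wrapped)
        if inner != UTF8STRING:
            raise ValueError("expected UTF8String inside the tag")
        fields[FIELDS[t]], last = value.decode(), t
    return fields
```

With only one of the two fields present, the untagged encodings are byte-for-byte identical, so a decoder cannot tell which field it received; the tagged form identifies each element by its tag number.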

From ietf-krb-wg-bounces@lists.anl.gov Tue Jun 30 10:10:18 2009
Date: Tue, 30 Jun 2009 13:08:59 -0400
Message-ID: <8682B0640707834A9BC5FD0CA4C3CE2506AEE133@CORPUSMX50A.corp.emc.com>
In-Reply-To: <4a3f643e.0702d00a.6e59.210f@mx.google.com>
References: <4a3f643e.0702d00a.6e59.210f@mx.google.com>
Thread-Topic: OTP draft - PIN change service
Subject: Re: [Ietf-krb-wg] OTP draft - PIN change service

Srini,

It looks as if you are right.

I had assumed that PIN change would either be handled using an existing mechanism that was already in place for the token type or via a "PIN Change Service" as described in the extract. Since PIN change is similar to password change, I had hoped that this could be handled using the existing Kerberos password change system but it seems as if that was a mistake. Overloading an existing protocol is probably not a good idea and I had not taken into account the fact that a user could have multiple tokens or that multiple back-end OTP servers could be involved.

There are three main problems with the current approach:

1) The existing ChangePasswordData in RFC3244 does not appear to support a way for the client to inform the service which token needs to have its PIN changed.

2) Generally, the client wouldn't even know which token the user happened to use and so wouldn't have the information to provide anyway.

3) Since the KDC would not generally be the OTP server itself, the KDC itself cannot be assumed to have the information required to change the PIN either.

With hindsight, it seems that it would probably be better if the OTP pre-authentication draft leaves the actual method of PIN change out of scope in the same way that I believe RFC4120 does not describe how to carry out password change. This would then leave it open for a separate PIN change protocol.

So I suggest re-wording section 2.3 to remove mention of RFC3244.

--Gareth

________________________________

From: Srinivas Cheruku [mailto:srinivas.cheruku@gmail.com]
Sent: 22 June 2009 12:00
To: Richards, Gareth; ietf-krb-wg@anl.gov
Subject: OTP draft - PIN change service

Hi,

From OTP draft,

In the user is required to change their PIN then it is recommended that user PIN change be handled by a PIN-change service supporting the ChangePasswdData in a AP-REQ as described in [RFC3244].

Just saying as above will not suffice, as the issues which need to be addressed for the PIN change service are:

1) A standard port needs to be defined for the PIN change service or at least a way for the current RFC3244 password change service to distinguish between PIN and Kerberos password changes

2) The PIN change service would need a way of telling which token of the user is having its PIN changed

3) Related to issue 2, the PIN change service would need to be able to determine which OTP server is handling the token (multiple OTP servers can be used in an organization).

Thanks,
Srini

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg