Protocol Action: 'Kerberos Authorization Data Container Authenticated by Multiple MACs' to Proposed Standard (draft-ietf-kitten-cammac-01.txt)

The IESG <> Tue, 13 January 2015 01:33 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A54CC1A8832; Mon, 12 Jan 2015 17:33:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ccb9VdRA7aa1; Mon, 12 Jan 2015 17:33:19 -0800 (PST)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 4E69E1A898F; Mon, 12 Jan 2015 17:33:13 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'Kerberos Authorization Data Container Authenticated by Multiple MACs' to Proposed Standard (draft-ietf-kitten-cammac-01.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Mon, 12 Jan 2015 17:33:13 -0800
Archived-At: <>
Cc: kitten mailing list <>, kitten chair <>, RFC Editor <>
X-Mailman-Version: 2.1.15
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Jan 2015 01:33:21 -0000

The IESG has approved the following document:
- 'Kerberos Authorization Data Container Authenticated by Multiple MACs'
  (draft-ietf-kitten-cammac-01.txt) as Proposed Standard

This document is the product of the Common Authentication Technology Next
Generation Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

   This document specifies a Kerberos Authorization Data
   container that supersedes AD-KDC-ISSUED.  It allows for multiple
   Message Authentication Codes (MACs) or signatures to authenticate the
   contained Authorization Data elements.  This document updates RFC

Working Group Summary

The review process for this document was quite spread out in time, with
action occurring in occasional bursts.  Almost all of the Kerberos
experts who regularly participate in the WG have contributed to
reviewing this document at some point in its history, but not
necessarily all at the same time.  There was a lot of discussion around
the time of the initial few revisions, but then a lull in activity.
Version -05 got a lot of review comments, which resulted in some
(substantive, but relatively minor) changes to the specification.  It
was unclear what level of review those changes had received, after
essentially no comments were received during a WGLC period for the -08,
so we solicited further comments at that time, and got thorough review
from two Kerberos experts, which the shepherd believes is sufficient.
These post-WGLC reviews were largely editorial, but there were four
issues of substance that were raised, two of which received heavy

Document Quality

There are not currently any implementations, but Red Hat and MIT plan
to collaborate to produce an implementation.  MIT has a partial
implementation of an en/decoder for the ASN.1 types.


  The document shepherd is Benjamin Kaduk.  
  The irresponsible Area Director is Stephen Farrell.