IETF Logo Mail Archive

Protocol Action: 'GSS-API Internationalization and Domain-Based Service Names and Name Type' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Tue, 11 March 2008 12:17 UTC

Return-Path: <ietf-announce-bounces@ietf.org>
X-Original-To: ietfarch-ietf-announce-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-announce-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC05C3A6DB7; Tue, 11 Mar 2008 05:17:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nAtVOLzCmkFu; Tue, 11 Mar 2008 05:17:20 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 18AA63A6D83; Tue, 11 Mar 2008 05:17:02 -0700 (PDT)
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 30) id 9FEDC3A6DAF; Tue, 11 Mar 2008 05:17:00 -0700 (PDT)
X-idtracker: yes
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'GSS-API Internationalization and Domain-Based Service Names and Name Type' to Proposed Standard
Message-Id: <20080311121700.9FEDC3A6DAF@core3.amsl.com>
Date: Tue, 11 Mar 2008 05:17:00 -0700
Cc: kitten chair <kitten-chairs@tools.ietf.org>, Internet Architecture Board <iab@iab.org>, kitten mailing list <kitten@lists.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Announcements <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org

The IESG has approved the following documents:

- 'GSS-API Internationalization and Domain-Based Service Names and Name 
   Type '
   <draft-ietf-kitten-gssapi-domain-based-names-06.txt> as a 
   Proposed Standard
- 'GSS-API Domain-Based Service Names Mapping for the Kerberos V GSS 
   Mechanism '
   <draft-ietf-kitten-krb5-gssapi-domain-based-names-05.txt> as a 
   Proposed Standard

These documents are products of the Kitten (GSS-API Next Generation) 
Working Group. 

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-domain-based-names-06.txt

Technical Summary
 
   This documentset  describes domainname-based service principal names
and
   the corresponding name type for the Generic Security Service
   Application Programming Interface (GSS-API) and the GSS-API
Kerberos 5 mechanism.

   Domain-based service names are similar to host-based service names,
   but using a domain name (not necessarily an Internet domain name) in
   addition to a hostname.  The primary purpose of domain-based names is
   to provide a measure of protection to applications that utilize
   insecure service discovery protocols.  This is achieved by providing
   a way to name clustered services after the "domain" which they
   service, thereby allowing their clients to authorize the service's
   servers based on authentication of their service names.

 
Working Group Summary
 
   The Kitten Working Group has achieved consensus that
   this document should be published as a Proposed Standard.  Two weeks
   of discussion of the document and how applications would need to
   be modified to make use if its specification were extended by an
   additional week in order to reach consensus on additional examples.

 
Protocol Quality
 

   This document has been reviewed by Sam Hartman for the IESG.

Note to RFC Editor
 
Create a new section after section 5:
x.  IANA Considerations

   The IANA should record the following new name-type OID in the IANA's
   "SMI Security for Name System Designators Codes (nametypes)"
   registry:

      5   gss-domain-based                                      [RFCxxxx]


   

   Add to the end of section 6 (Security Considerations):

   Note that, as with all service names, the mere existence of a
  domain-based service name conveys meaningful information that may be
  used by initiators for making authorization decisions; therefore,
  administrators of distributed authentication services should be
  aware of the significance of the service names for which they create
  acceptor credentials."

_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce

v2.23.0 | Report a Bug | By Email