Protocol Action: 'Kerberos SPAKE Pre-Authentication' to Proposed Standard (draft-ietf-kitten-krb-spake-preauth-13.txt)
The IESG <iesg-secretary@ietf.org> Fri, 09 February 2024 14:56 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F0C8C15108E; Fri, 9 Feb 2024 06:56:03 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Kerberos SPAKE Pre-Authentication' to Proposed Standard (draft-ietf-kitten-krb-spake-preauth-13.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 12.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: Nicolas Williams <nico@cryptonector.com>, The IESG <iesg@ietf.org>, draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten-chairs@ietf.org, kitten@ietf.org, nico@cryptonector.com, paul.wouters@aiven.io, rfc-editor@rfc-editor.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <170749056364.65253.11687501902709978069@ietfa.amsl.com>
Date: Fri, 09 Feb 2024 06:56:03 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/vsCgsdIW0fZssSemUsCGCKuEnG0>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2024 14:56:03 -0000
The IESG has approved the following document: - 'Kerberos SPAKE Pre-Authentication' (draft-ietf-kitten-krb-spake-preauth-13.txt) as Proposed Standard This document is the product of the Common Authentication Technology Next Generation Working Group. The IESG contact persons are Paul Wouters and Roman Danyliw. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/ Technical Summary This document describes a new "pre-authentication" protocol for Kerberos V5 [RFC4120], one that uses a zero-knowledge password proof for authenticating a client principal to a Kerberos Authentication Server (AS), part of the Kerberos key distribution center (KDC). Besides supporting the use of simple passwords, this method also supports second factors. Working Group Summary The KITTEN WG mailing list has had a number of threads on the topic of Simple Password Authenticate Key Exchange (SPAKE) for Kerberos, and four on this particular Internet-Draft. It was clear that this document is ready for advancement. Some participants have suggested additional features, but there is consensus that these can be added as extensions to this protocol in future updates (the protocol is extensible), or if need be as a new protocol. Document Quality Note that this documents implements/overlaps largely with what is now RFC 9382, but the WG decided to strip mention of it and rely on the original paper directly, since the path of that document had diverged somewhat from what was needed for this one. Personnel Document Shepherd: Nico Williams Responsible AD was Ben Kaduk (now a chair of kitten) and is now Paul Wouters.