IETF Logo Mail Archive

Re: [kitten] I-D Action: draft-ietf-krb-wg-cammac-09.txt

Tom Yu <tlyu@mit.edu> Fri, 05 September 2014 20:34 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8DE61A00AE for <kitten@ietfa.amsl.com>; Fri, 5 Sep 2014 13:34:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.869
X-Spam-Level:
X-Spam-Status: No, score=-4.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A2a08VZoVC9Y for <kitten@ietfa.amsl.com>; Fri, 5 Sep 2014 13:34:20 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38BDE1A00E2 for <kitten@ietf.org>; Fri, 5 Sep 2014 13:34:20 -0700 (PDT)
X-AuditID: 1209190f-f79aa6d000005b45-19-540a1e4a4029
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id D0.2C.23365.A4E1A045; Fri, 5 Sep 2014 16:34:18 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id s85KYHeB030015 for <kitten@ietf.org>; Fri, 5 Sep 2014 16:34:18 -0400
Received: from localhost (sarnath.mit.edu [18.18.1.190]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s85KYG9d019643 for <kitten@ietf.org>; Fri, 5 Sep 2014 16:34:17 -0400
From: Tom Yu <tlyu@mit.edu>
To: kitten@ietf.org
References: <20140905195755.12365.12570.idtracker@ietfa.amsl.com>
Date: Fri, 05 Sep 2014 16:34:15 -0400
In-Reply-To: <20140905195755.12365.12570.idtracker@ietfa.amsl.com> (internet-drafts@ietf.org's message of "Fri, 5 Sep 2014 12:57:55 -0700")
Message-ID: <ldvwq9h24e0.fsf@sarnath.mit.edu>
Lines: 14
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrLIsWRmVeSWpSXmKPExsUixCmqreslxxVisK9HwOLo5lUsDoweS5b8 ZApgjOKySUnNySxLLdK3S+DKuPpsCXPBMpaK9T3tLA2Mh5i7GDk4JARMJP4stuli5AQyxSQu 3FvP1sXIxSEkMJtJ4sbeuVDOMUaJ0w/fMkI4jUwSX1qfs4K0sAlISxy/vIsJxBYREJbYvfUd M4gtLOAosaDrP5gtBGQvbPzBDmKzCKhKXFk/iR1kEKdAP6PE9tObwZp5BXQl/i3vZgOxeQQ4 Jdb3P2OEiAtKnJz5hAXEZhbQkrjx7yXTBEb+WUhSs5CkFjAyrWKUTcmt0s1NzMwpTk3WLU5O zMtLLdI10cvNLNFLTSndxAgOM0n+HYzfDiodYhTgYFTi4V3wmSNEiDWxrLgy9xCjJAeTkijv ZBmuECG+pPyUyozE4oz4otKc1OJDjBIczEoivGk/OEOEeFMSK6tSi/JhUtIcLErivG+trYKF BNITS1KzU1MLUotgsjIcHEoSvG9BhgoWpaanVqRl5pQgpJk4OEGG8wANF5EFquEtLkjMLc5M h8ifYjTmaGl628vEsa7zWz+TEEtefl6qlDgvK0ipAEhpRmke3DRYqnjFKA70nDCvHEgVDzDN wM17BbSKCWiVeTrIH8UliQgpqQZGxZQirwsHPxvx8Acc1Eld69y/RcZimlNQbbD9z5h/Mzax m5uu4qxISHlvaJ2/rsnNvMVC7vWJjse/1LoNtjHmSXTpiU+Lsni39Jro7sIPe+37r/xt7jXk X+ndXXLW+fmTgljj2THdPHae5hHWO1KlrSOevJjz+sWquQuy3ltaKof3tNSbfVdiKc5INNRi LipOBAAX1LoA8AIAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/1nXs196NJlHrVKJA_mRzEhgsvjA
Subject: Re: [kitten] I-D Action: draft-ietf-krb-wg-cammac-09.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Sep 2014 20:34:22 -0000

This revision makes some editorial wording changes in responses to
feedback.

At Greg's suggestion, kdc-verifier is now optional, and I have
documented the relevant security considerations for this.

I've also specified the non-criticality semantics.

I appear to have forgotten to add text documenting the service principal
binding issue.  Does someone want to suggest wording?

I believe these changes all have at least rough WG consensus behind
them, but the chairs are welcome to clarify whether they agree that
there is consensus.

v2.23.0 | Report a Bug | By Email