Re: [kitten] draft-ietf-kitten-iakerb-02

Greg Hudson <ghudson@mit.edu> Thu, 16 October 2014 20:38 UTC

Message-ID: <54402CAC.3010209@mit.edu>
Date: Thu, 16 Oct 2014 16:38:04 -0400
From: Greg Hudson <ghudson@mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>, kitten@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/2Uees-Kk51c_-O6cXnsUK4QMwNI
Subject: Re: [kitten] draft-ietf-kitten-iakerb-02

"tickts" is a typo.

"Yes, the tags start at 1" might be more professionally stated as "Note
that the tag numbers start at 1."

"Since the GSS-API acceptor can act as a Kerberos acceptor, it always
has an associated Kerberos realm."  This does not follow.  To be a
Kerberos acceptor, all you need are some keys to decrypt AP-REQ
authenticators with.  You might have keys from multiple realms.  There
should be guidance on what to do if the acceptor has no default realm.

"(including the generic token framing of the GSSAPI-Token type from
[RFC4121])" should reference RFC 2743, shouldn't it?

On 10/14/2014 10:55 AM, Benjamin Kaduk wrote:
> Hi all,
> 
> I've made an update to the IAKERB document, hopefully including all the
> review comments made on the -00 and -01.
> 
> It was a manual posting by the secretariat, so there does not appear to be
> an announce email about it.  Here are some links:
> 
> HTML: https://tools.ietf.org/html/draft-ietf-kitten-iakerb-02
> 
> diff: https://tools.ietf.org/rfcdiff?url2=draft-ietf-kitten-iakerb-02.txt
> 
> -Ben
> 