Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Nico Williams <nico@cryptonector.com> Tue, 21 February 2023 00:44 UTC

Date: Mon, 20 Feb 2023 18:44:28 -0600
From: Nico Williams <nico@cryptonector.com>
To: Ken Hornstein <kenh@pobox.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/B41BeqewbV4L5MtGQhTfuFoj1VU>

On Sun, Feb 19, 2023 at 05:52:00PM -0600, Nico Williams wrote:
> There are good reasons why Kerberos is still around; the shortcomings of
> other systems are among them.  But there's been zero work in 30 years on
> making Kerberos easy to deploy, orchestrate, and operate.  [...]

Ah, not to give offense to folks like Simo and Roland that have done a
lot of work in that space.  I was referring to IETF work.

Nico
--