Re: [kitten] I-D Action: draft-ietf-krb-wg-cammac-07.txt

Tom Yu <tlyu@MIT.EDU> Tue, 20 May 2014 20:33 UTC

From: Tom Yu <tlyu@MIT.EDU>
To: kitten@ietf.org
References: <20140508184930.30482.94798.idtracker@ietfa.amsl.com>
Date: Tue, 20 May 2014 16:33:18 -0400
In-Reply-To: <20140508184930.30482.94798.idtracker@ietfa.amsl.com> (internet-drafts@ietf.org's message of "Thu, 08 May 2014 11:49:30 -0700")
Message-ID: <ldvbnusb375.fsf@sarnath.mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/Fr6ym0xWjiufXNTVy-gUFsv8sbs

I think this is ready for Working Group Last Call if we strike out the
open questions.

The most significant technical change is to change kdc-verifier so that
it binds to the ticket.  There are significant editorial changes to the
motivation text, which hopefully reads more smoothly now.  Thanks to
Ben, Zhanna, and others who made suggestions.

Changed other-verifiers so that it encodes more compactly in the common
case where there are no Verifiers in other-verifiers.  I recall no
significant objections to this.  Made kvno and enctype optional in
Verifier-MAC.  I think there was consensus for this after people
realized that a checksum rather than ciphertext was involved.

One possible open question is whether to define some verifier that is
like the kdc-verifier but not bound to the ticket.  This would allow for
detached CAMMAC verification without needing a copy of the ticket.  I'm
inclined to defer this until there's a use case for it, because it can
probably be put in other-verifiers, and might not even require
additional specification.