Re: [kitten] Comments on draft-ietf-krb-wg-camac-08

[Benjamin Kaduk <kaduk@MIT.EDU>]

On Fri, 1 Aug 2014, Sam Hartman wrote:

>>>>>> "Nico" == Nico Williams <nico@cryptonector.com> writes:
>
>    Nico> On Fri, Aug 1, 2014 at 11:54 AM, Tom Yu <tlyu@mit.edu> wrote:
>    >> I agree that AD-CAMMAC should have the same effect on the
>    >> criticality of its contents as AD-KDC-ISSUED.  We can recommend
>    >> that a CAMMAC be put in AD-IF-RELEVANT if it is likely that the
>    >> consuming service won't understand it.  The KDC might have enough
>    >> knowledge of the capabilities of the service that the extra layer
>    >> of wrapping might not be necessary.
>
>    Nico> I agree with this.
>
> I'm fine with this too.

I'm glad to see lots of people chiming in with agreement, but are we all 
clear on what we're agreeing to?

Are we accepting Greg's reading of 4120 section 5.2.6.2, "This element and 
the elements it encapsulates MAY safely be ignored by applications, 
application servers, and KDCs that do not implement this element."

-Ben