[kitten] Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

"Steve Syfuhs (AP)" <Steve.Syfuhs@microsoft.com> Thu, 16 February 2023 23:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/VLOAFb4Furo4T4nr88FNrjXG6Gw>

Howdy folks,

I'm a developer on the Windows auth team that oversees Kerberos development. We were handed the torch from Larry, Michiko, and crew when they went off to do other exciting things.

We're currently in the process of implementing IAKerb as per the latest expired draft and want to revive it and see it through to full RFC. Happy to go into detail about why, but the benefits are, I think, fairly self-explanatory.

Unfortunately there's a fair amount of institutional knowledge around this protocol that's been lost to time and I was wondering if someone could provide background on where things were last? What is required in order to see it through?

We have a few open questions, specifically around interop.

What is the state of the MIT implementation? The draft refers to interop with earlier versions. Is this something we need to reasonably care about? The draft says the Finished checksum key usage is implemented as int 42, but specced as 41. Why wasn't 42 used in the spec (that's otherwise a rather obnoxious interop hack)?

As mentioned, happy to go into more detail about our plans.

Cheers
Steve
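
An added illustration, not part of the original message or of any implementation it mentions, of why the 41-versus-42 key usage mismatch raised above is an interop break: the usage number feeds the checksum key derivation, so a checksum made under one value never verifies under the other. Assumptions: RFC 8009's KDF-HMAC-SHA2 as used by aes128-cts-hmac-sha256-128 is chosen because it needs only the standard library; the key, the covered data and the `accept_legacy` switch are constructed for the example.

```python
import hashlib
import hmac
import struct

USAGE_SPEC = 41    # Finished checksum key usage as specced, per the message
USAGE_LEGACY = 42  # value the message says was actually implemented


def derive_kc(base_key: bytes, usage: int) -> bytes:
    """Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 128), as in RFC 8009."""
    label = struct.pack(">I", usage) + b"\x99"
    k_bits = struct.pack(">I", 128)
    k1 = hmac.new(base_key, b"\x00\x00\x00\x01" + label + b"\x00" + k_bits,
                  hashlib.sha256).digest()
    return k1[:16]


def checksum(base_key: bytes, usage: int, data: bytes) -> bytes:
    """HMAC-SHA-256 under Kc, truncated to 128 bits."""
    kc = derive_kc(base_key, usage)
    return hmac.new(kc, data, hashlib.sha256).digest()[:16]


def verify_finished(base_key, data, mac, accept_legacy=False):
    """Return the key usage that verified the checksum, or None.

    accept_legacy is a hypothetical interop switch: when set, usage 42 is
    tried after usage 41 so the caller can log which peers still need it.
    """
    candidates = [USAGE_SPEC] + ([USAGE_LEGACY] if accept_legacy else [])
    for usage in candidates:
        if hmac.compare_digest(checksum(base_key, usage, data), mac):
            return usage
    return None


# Constructed sample values, not taken from the draft or any implementation.
BASE_KEY = bytes(range(16))
COVERED_DATA = b"constructed stand-in for the data the checksum covers"

if __name__ == "__main__":
    legacy_mac = checksum(BASE_KEY, USAGE_LEGACY, COVERED_DATA)
    print("strict verifier:", verify_finished(BASE_KEY, COVERED_DATA, legacy_mac))
    print("tolerant verifier:",
          verify_finished(BASE_KEY, COVERED_DATA, legacy_mac, accept_legacy=True))
```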