Re: [kitten] Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

josh.howlett@gmail.com Fri, 17 February 2023 10:03 UTC

From: josh.howlett@gmail.com
To: "'Steve Syfuhs (AP)'" <Steve.Syfuhs=40microsoft.com@dmarc.ietf.org>, kitten@ietf.org
References: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com>
In-Reply-To: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com>
Date: Fri, 17 Feb 2023 10:03:21 -0000
Message-ID: <0aae01d942b7$11a0f5b0$34e2e110$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/capgIoMNWdglu995ALytcVyU79Y>
Subject: Re: [kitten] Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Hello Steve,

This is really interesting to hear. Are you happy to share your use cases
for IAKERB?

Josh


From: Kitten <kitten-bounces@ietf.org> On Behalf Of Steve Syfuhs (AP)
Sent: 16 February 2023 23:57
To: kitten@ietf.org
Subject: [kitten] Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Howdy folks,

I'm a developer on the Windows auth team that oversees Kerberos development.
We were handed the torch from Larry, Michiko, and crew when they went off to
do other exciting things.

We're currently in the process of implementing IAKerb as per the latest
expired draft and want to revive it and see it through to full RFC. Happy to
go into detail about why, but the benefits are I think fairly
self-explanatory.

Unfortunately there's a fair amount of institutional knowledge around this
protocol that's been lost to time and I was wondering if someone could
provide background on where things were last? What is required in order to
see it through?

We have a few open questions, specifically around interop.

What is the state of the MIT implementation? The draft refers to interop
with earlier versions. Is this something we need to reasonably care about?
The draft says the Finished checksum key usage is implemented as int 42, but
specced as 41. Why wasn't 42 used in the spec (that's otherwise a rather
obnoxious interop hack)?

As mentioned, happy to go into more detail about our plans.

Cheers

Steve
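The 41-versus-42 key usage question in the quoted message is an interop break rather than a documentation nit, because RFC 3961 folds the key usage number into the derived checksum key: two peers holding the same session key but disagreeing on the usage number derive different keys, and the IAKERB-FINISHED checksum over the preceding tokens fails to verify. The following is an added example written for this page; it is not code from the draft, from MIT krb5 or from Windows. It models only the usage-binding property: the real RFC 3961 derivation is DK(base-key, usage | 0x99) built on AES-CTS and n-fold, and the HMAC-SHA256 stand-in below, the constant names, the sample session key and the token byte strings are all assumptions made so the example runs with the Python standard library alone.

```python
import hashlib
import hmac

# Key usage numbers as described in the thread: the draft text says 41,
# an existing implementation uses 42. Constant names are this example's own.
KEY_USAGE_IAKERB_FINISHED_SPEC = 41
KEY_USAGE_IAKERB_FINISHED_IMPL = 42

CHECKSUM_LEN = 12  # 96-bit truncation, as the hmac-sha1-96-aes* checksums use


def derive_checksum_key(session_key: bytes, key_usage: int) -> bytes:
    """Bind the key usage number into the checksum key.

    RFC 3961 defines Kc = DK(base-key, usage | 0x99). DK needs AES-CTS and
    n-fold, so this stand-in mixes the same inputs with HMAC-SHA256 instead
    (an assumption for the example, not the real derivation). The property
    that matters is preserved: a different usage number yields a different key.
    """
    usage_constant = key_usage.to_bytes(4, "big") + b"\x99"
    return hmac.new(session_key, usage_constant, hashlib.sha256).digest()


def finished_checksum(session_key: bytes, key_usage: int, tokens: list) -> bytes:
    """Keyed checksum over the concatenation of all tokens exchanged so far."""
    kc = derive_checksum_key(session_key, key_usage)
    return hmac.new(kc, b"".join(tokens), hashlib.sha1).digest()[:CHECKSUM_LEN]


def verify_finished(session_key, key_usage, tokens, checksum) -> bool:
    """Strict verifier: one agreed usage number, constant-time compare."""
    expected = finished_checksum(session_key, key_usage, tokens)
    return hmac.compare_digest(expected, checksum)


def verify_finished_tolerant(session_key, tokens, checksum):
    """The interop hack: try the draft's number, then the implementation's.
    Returns the usage number that verified, or None."""
    for usage in (KEY_USAGE_IAKERB_FINISHED_SPEC, KEY_USAGE_IAKERB_FINISHED_IMPL):
        if verify_finished(session_key, usage, tokens, checksum):
            return usage
    return None


# Constructed sample data (not a real capture): a session key and opaque
# token bytes standing in for the proxied exchange that precedes Finished.
SAMPLE_SESSION_KEY = bytes(range(32))
SAMPLE_TOKENS = [
    b"IAKERB-PROXY:AS-REQ:client@EXAMPLE",
    b"IAKERB-PROXY:AS-REP:kdc@EXAMPLE",
    b"IAKERB-PROXY:TGS-REQ:host/app.example",
    b"IAKERB-PROXY:TGS-REP:kdc@EXAMPLE",
]


def demo() -> dict:
    """The cases a reviewer of the 41/42 question cares about."""
    impl_sum = finished_checksum(SAMPLE_SESSION_KEY, KEY_USAGE_IAKERB_FINISHED_IMPL, SAMPLE_TOKENS)
    tampered = SAMPLE_TOKENS[:-1] + [b"IAKERB-PROXY:TGS-REP:evil@EXAMPLE"]
    return {
        # both sides use 42: verifies
        "same_usage": verify_finished(SAMPLE_SESSION_KEY, KEY_USAGE_IAKERB_FINISHED_IMPL, SAMPLE_TOKENS, impl_sum),
        # sender on 42, strict receiver on 41: fails although key and tokens match
        "usage_mismatch": verify_finished(SAMPLE_SESSION_KEY, KEY_USAGE_IAKERB_FINISHED_SPEC, SAMPLE_TOKENS, impl_sum),
        # a token altered in transit: fails
        "tampered": verify_finished(SAMPLE_SESSION_KEY, KEY_USAGE_IAKERB_FINISHED_IMPL, tampered, impl_sum),
        # tolerant receiver accepts and reports which number the peer used
        "tolerant": verify_finished_tolerant(SAMPLE_SESSION_KEY, SAMPLE_TOKENS, impl_sum),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The tolerant verifier is the "obnoxious interop hack" in code form: it costs one extra checksum computation per context establishment and leaves the acceptor unable to tell a stale peer from a correct one. A real implementation would use the RFC 3961 checksum type matching the ticket's enctype rather than this HMAC stand-in, but the outcome of a usage-number disagreement is the same: verification fails.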