Re: [kitten] Authentication Indicator in Kerberos tickets

Benjamin Kaduk <kaduk@MIT.EDU> Wed, 01 October 2014 17:26 UTC

Date: Wed, 01 Oct 2014 13:25:52 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Richard Feezel <rfeezel@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/i0mP7Kq6Kp_3XhJYqf_UdOzxnvU
Cc: kitten@ietf.org
Subject: Re: [kitten] Authentication Indicator in Kerberos tickets

On Mon, 29 Sep 2014, Richard Feezel wrote:

> I would like to encourage the group to adopt this document as well.

[puts on chair hat]
Thanks for speaking up.  I think I would like to hear a little bit more
support from other WG participants before adopting this as a WG item,
though.

Does anyone else want to see us pick it up?  I think Nico was expressing
some opinions on how things like this should be done on IRC, so maybe he
would support it?
[takes off chair hat]

> I plan to do some trial implementation testing and would like to know what
> values I can safely use for the Authorization Data fields for CAMMAC and
> Authentication Indicators in advance of an official action by this group
> and the IANA?

The draft-ietf-krb-wg-cammac-10 assigns the ad-type number 96 for
AD-CAMMAC.
For the AUTHENTICATION-INDICATOR itself (hmm, that should be changed
to have an AD- prefix), there is not yet an assigned number, but
draft-ietf-kitten-kerberos-iana-registries-03 specifies that negative
integer values are for private or local use.  You are unlikely to
encounter trouble picking a ~random negative 32-bit signed integer and
using it for your local implementation, but should expect to change your
implementation when an official value is assigned.

Does that address your question?

-Ben Kaduk
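
Added example, not part of the original message or of either draft: how a trial implementation could pick a private-use (negative) ad-type as suggested above and what it looks like on the wire, next to the value 96 cited for AD-CAMMAC. The element layout is the AuthorizationData element from RFC 4120; the function names are hypothetical and the ad-data bytes used in any call are an opaque constructed placeholder, not the indicator's real contents.

```python
import secrets

AD_CAMMAC = 96            # ad-type the message cites for AD-CAMMAC
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

def pick_private_ad_type():
    """Random negative Int32 for local trials; keep it configurable."""
    return -1 - secrets.randbelow(2**31)          # range [-2**31, -1]

def is_private_use(ad_type):
    return INT32_MIN <= ad_type < 0

def tlv(tag, content):
    """DER tag-length-value with definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_int32(value):
    """DER INTEGER: shortest two's-complement form, so -1 is a single 0xFF."""
    if not INT32_MIN <= value <= INT32_MAX:
        raise ValueError("ad-type must fit in Int32")
    size = 1
    while not -(1 << (8 * size - 1)) <= value < (1 << (8 * size - 1)):
        size += 1
    return tlv(0x02, value.to_bytes(size, "big", signed=True))

def ad_element(ad_type, ad_data):
    """RFC 4120: SEQUENCE { ad-type [0] Int32, ad-data [1] OCTET STRING }."""
    return tlv(0x30, tlv(0xA0, der_int32(ad_type)) + tlv(0xA1, tlv(0x04, ad_data)))

def read_tlv(buf):
    """Return (tag, content) of the first TLV in buf."""
    first, pos = buf[1], 2
    if first & 0x80:
        count = first & 0x7F
        first, pos = int.from_bytes(buf[2:2 + count], "big"), 2 + count
    return buf[0], buf[pos:pos + first]

def ad_type_of(element):
    """Recover the signed ad-type from an encoded element."""
    _, seq = read_tlv(element)
    _, tagged = read_tlv(seq)        # [0] wrapper
    _, raw = read_tlv(tagged)        # INTEGER contents
    return int.from_bytes(raw, "big", signed=True)
```

A decoder that reads the INTEGER contents as unsigned would turn a private-use value into a large positive ad-type, so the round trip through `ad_type_of` is the check worth keeping in a trial implementation.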