Re: [kitten] Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Luke Howard Bentata <lukeh@padl.com> Fri, 17 February 2023 02:00 UTC

To: "Steve Syfuhs (AP)" <Steve.Syfuhs=40microsoft.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/sg4jUPNFgv1NlUtlBZJmx-o4SZA>

Hi Steve,

I did write the original IAKERB implementation for MIT, but Greg Hudson (who I’m sure will chime in soon) will be best placed to answer your questions.

Just looking at the key usage numbers, it looks like MIT still implements the older draft (KU 42) whereas Apple’s fork of Heimdal uses KU 41 so it may implement a more recent draft. (Apple’s IAKERB implementation was never merged upstream into Heimdal.)

Cheers,
Luke