IETF Logo Mail Archive

Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Luke Howard <lukeh@padl.com> Tue, 21 February 2023 03:42 UTC

Return-Path: <lukeh@padl.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4F7C13A06D for <kitten@ietfa.amsl.com>; Mon, 20 Feb 2023 19:42:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=padl.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2E9LMzsari2 for <kitten@ietfa.amsl.com>; Mon, 20 Feb 2023 19:42:08 -0800 (PST)
Received: from us.padl.com (us.padl.com [216.154.215.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E8D3C1524AE for <kitten@ietf.org>; Mon, 20 Feb 2023 19:42:07 -0800 (PST)
Received: from auth (localhost [127.0.0.1]) by us.padl.com (8.14.7/8.14.7) with ESMTP id 31L3fqpP008200 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 21 Feb 2023 03:41:59 GMT
DKIM-Filter: OpenDKIM Filter v2.11.0 us.padl.com 31L3fqpP008200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=padl.com; s=default; t=1676950920; bh=Se6DBlP5eociZqgqhVhDPK6PrEenZyl0nh7u7Ivrgps=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=vduF4cjiwftPC1k1nGD8k5UkZ7lESEDb3n1Now7xWowk6ZVwoVWxus4E2gzkK/Mb5 cFp+z+H2+MCfFE4IIM1YPyU0h6aw60lLtQNqJ2015hyeF7c8g7e4x9mY28nlyNX6E+ 7pomHclMJU8j5NsmRJjUoHtX7jJCEF+oqZXb4QKwFOOiXY88psntvs+U6i1HTzKlVb ksX+E5Cmu/O3JxT1YvzQlqRNEsOxLwKcrUFt6zjvJC6QWbHFrA5z3k5WNlpqbcDHxG DrWvAky5hBDWvIyLx92mcFO+S0UzstgczCPaPwINvSV0j+Ig4IjgL5S7D07fPO+McV XdQ0fso+6POlQ==
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <Y/Q7hdTOF1HaxQKM@gmail.com>
Date: Tue, 21 Feb 2023 14:41:51 +1100
Cc: Ken Hornstein <kenh@pobox.com>, "kitten@ietf.org" <kitten@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B2AFDFEC-A977-4954-90B1-49E7D25D51D6@padl.com>
References: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com> <de4cbe7b-85b5-7001-3a8c-74787990c6e0@secure-endpoints.com> <eb9fa7a4-a00d-f388-27aa-3624df8ce4f2@secure-endpoints.com> <MW4PR21MB197060FB388E7922FAADEB079CA19@MW4PR21MB1970.namprd21.prod.outlook.com> <6cb6f5ddfc7b9b150b4eef72db5a3f3b9566fd80.camel@redhat.com> <20230219194355.36139173DDE@pb-smtp2.pobox.com> <Y/K2IEhX6c+b05Ye@gmail.com> <Y/QT7BxdTHq0RYTz@gmail.com> <7064A9EB-EB01-426C-9BED-AFB97FA93551@padl.com> <Y/Q7hdTOF1HaxQKM@gmail.com>
To: Nicolas Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/vVoIaWVHnSEWY_uxH-ixNDqbF4c>
Subject: Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2023 03:42:12 -0000

> Those don't help with orchestration or operation though.

Ah true, missed that context.

> I'm referring to things like RFC 3244 being the only RFC (Informational
> at that) for password changes or key changes.  The only other thing we
> have in that space is an LDAP schema, but it doesn't necessarily with
> AD, right?  And many sites don't use either.

Yes, MIT and Heimdal use completely different LDAP schema, and neither is interoperable with AD. RFC3244 is as good as it gets operational wise.

v2.23.0 | Report a Bug | By Email