[kitten] I-D: Pseudonymity Support for Kerberos

Rick van Rein <rick@openfortress.nl> Sat, 10 October 2015 07:47 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/yN_P-r-dd9Q0SDO57XXPitfqHbg>

Hello Kitten,

I've posted an I-D to support pseudonymity in Kerberos; I would like to
have this more refined privacy model for realm crossover to diminish
trust assumptions that need to be made on foreign realms.

Briefly put, pseudonyms can be applied during TGS, based on a KDC option
+ ticket flag.  When the ticket flag is set, the KDC is assumed to
support pseudonymity, and the cname field in TGS-REQ can be filled with
a requested client name; when left out, the KDC is given the permission
to apply pseudonymity if it feels like it.

Any comments on this are highly appreciated.

-Rick

> *From:* internet-drafts@ietf.org
> *Date:* 10 October 2015 09:37
> *To:* "Rick van Rein" <rick@openfortress.nl>
> *Subject:* New Version Notification for
> draft-vanrein-kitten-krb-pseudonymity-00.txt
> A new version of I-D, draft-vanrein-kitten-krb-pseudonymity-00.txt
> has been successfully submitted by Rick van Rein and posted to the
> IETF repository.
>
> Name:		draft-vanrein-kitten-krb-pseudonymity
> Revision:	00
> Title:		Pseudonymity Support for Kerberos
> Document date:	2015-10-10
> Group:		Individual Submission
> Pages:		7
> URL:            https://www.ietf.org/internet-drafts/draft-vanrein-kitten-krb-pseudonymity-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanrein-kitten-krb-pseudonymity/
> Htmlized:       https://tools.ietf.org/html/draft-vanrein-kitten-krb-pseudonymity-00
>
>
> Abstract:
>    Kerberos either retains client identity in all its ticket
>    transformations, or it applies rigorous anonymity.  When crossing
>    over to another realm, an intermediate privacy measure is often
>    desired, namely pseudonymity, as described in this specification.
>
> The IETF Secretariat
>
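The decision the message sketches (KDC option requested in the TGS-REQ, optional requested cname, KDC discretion when the name is left out) can be modelled as a small state machine. The following is an added illustration, not code from the draft or from Rick's implementation: the option/flag name `PSEUDONYMITY`, the field names, the keyed-hash pseudonym format, the pseudonym-to-owner table and the reading that the ticket flag is set exactly when a pseudonym was applied are all assumptions made here. It also adds the check a KDC would need before honouring a requested cname: the name must not be a real principal of the realm and must not already belong to a different client.

```python
"""Toy model of TGS-time pseudonymity as sketched in the message.
Added example, not the draft's code; names, flag and format are assumed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Hypothetical name standing in for one bit of KDCOptions / TicketFlags.
# A real bit index would have to be assigned by the draft; this is a placeholder.
PSEUDONYMITY = "pseudonymity"


@dataclass
class TgsRequest:
    kdc_options: Set[str]   # requested KDC options (bit names, not a BIT STRING)
    real_client: str        # client principal authenticated by the presented TGT
    cname: Optional[str]    # requested client name, or None when the field is left out
    sname: str              # requested service, e.g. "krbtgt/FOREIGN.EXAMPLE"


@dataclass
class Ticket:
    cname: str
    sname: str
    flags: Set[str]


class Kdc:
    """Minimal KDC that decides whether a TGS ticket carries a pseudonym."""

    def __init__(self, realm: str, pseudonym_key: bytes, pseudonymize_by_default: bool):
        self.realm = realm
        self.key = pseudonym_key                      # constructed secret for deriving names
        self.pseudonymize_by_default = pseudonymize_by_default
        self.principals: Set[str] = set()             # real principals of this realm
        self.pseudonym_owner: Dict[str, str] = {}     # pseudonym -> real client (audit/reversal)

    def register(self, principal: str) -> None:
        self.principals.add(principal)

    def derive_pseudonym(self, real_client: str, sname: str) -> str:
        # Keyed hash: stable per (client, service) pair, opaque to the foreign realm;
        # only this KDC can map it back, via pseudonym_owner (assumed design).
        msg = f"{real_client}|{sname}".encode()
        tag = hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]
        return f"pseudo-{tag}"

    def tgs_exchange(self, req: TgsRequest) -> Ticket:
        if req.real_client not in self.principals:
            raise PermissionError("TGT client unknown to this realm")
        if PSEUDONYMITY not in req.kdc_options or req.cname == req.real_client:
            # Classic behaviour: the client identity is retained in the new ticket.
            return Ticket(req.real_client, req.sname, set())
        if req.cname is None:
            # Option set, no name requested: the KDC may pseudonymize at its discretion.
            if not self.pseudonymize_by_default:
                return Ticket(req.real_client, req.sname, set())
            name = self.derive_pseudonym(req.real_client, req.sname)
        else:
            name = req.cname
            # A requested name must not be a real principal (no impersonation)
            # and must not already be owned by a different client.
            if name in self.principals:
                raise PermissionError("requested cname is a real principal")
            if self.pseudonym_owner.get(name, req.real_client) != req.real_client:
                raise PermissionError("requested cname belongs to another client")
        self.pseudonym_owner[name] = req.real_client
        return Ticket(name, req.sname, {PSEUDONYMITY})

    def resolve(self, pseudonym: str) -> Optional[str]:
        """Map a pseudonym back to its real client; only the issuing KDC can."""
        return self.pseudonym_owner.get(pseudonym)


def attempt(kdc: Kdc, req: TgsRequest):
    """Run one exchange and return the Ticket, or the error text if refused."""
    try:
        return kdc.tgs_exchange(req)
    except PermissionError as exc:
        return str(exc)


if __name__ == "__main__":
    home = Kdc("HOME.EXAMPLE", b"constructed-demo-key", pseudonymize_by_default=True)
    home.register("alice")
    home.register("bob")
    xrealm = "krbtgt/FOREIGN.EXAMPLE"
    print(attempt(home, TgsRequest(set(), "alice", None, xrealm)))
    print(attempt(home, TgsRequest({PSEUDONYMITY}, "alice", None, xrealm)))
    print(attempt(home, TgsRequest({PSEUDONYMITY}, "alice", "shadow-1", xrealm)))
    print(attempt(home, TgsRequest({PSEUDONYMITY}, "bob", "shadow-1", xrealm)))
    print(attempt(home, TgsRequest({PSEUDONYMITY}, "alice", "bob", xrealm)))
```

The foreign realm only ever sees the `cname` carried in the cross-realm ticket, so with the flag honoured it learns `pseudo-…` or the requested name rather than `alice`; the home KDC keeps the mapping it needs for accountability.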