Re: [Ietf-krb-wg] Kitten and Kerberos WG Merger - New Charter

t.p. <daedulus@btconnect.com> Sat, 05 January 2013 12:23 UTC

Message-ID: <013401cdeb3f$17379cc0$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
References: <50E6966D.9040704__49484.1541782536$1357289172$gmane$org@oracle.com><87mwwp19io.fsf@latte.josefsson.org> <1357326252.18192.188.camel@destiny.pc.cs.cmu.edu>
Date: Sat, 05 Jan 2013 12:20:35 +0000
Cc: ietf-krb-wg@lists.anl.gov, jhutz@cmu.edu
Subject: Re: [Ietf-krb-wg] Kitten and Kerberos WG Merger - New Charter

----- Original Message -----
From: "Jeffrey Hutzelman" <jhutz@cmu.edu>
To: "Simon Josefsson" <simon@josefsson.org>
Cc: <kitten@ietf.org>; <ietf-krb-wg@lists.anl.gov>; <jhutz@cmu.edu>
Sent: Friday, January 04, 2013 7:04 PM
> On Fri, 2013-01-04 at 12:18 +0100, Simon Josefsson wrote:
>
> > > This charter subsumes the Kerberos WG under the auspices of the kitten WG.
> > > Therefore the following charter text contains both kitten and Kerberos WG items.
> >
> > I suggest to remove this paragraph.  I don't see significant value in
> > having that in the WG charter, and it seems confusing for anyone not
> > familiar with the history.
>
> That was actually put in as a way of recording the history and giving
> people not familiar with it a way to find older Kerberos-related work.
> However, it was not the topic of a lot of wordsmithing, and I don't
> think anyone who contributed to this proposal is wedded to that
> language.  So, if someone wants to propose alternate text...

"This charter combines the work of the Kerberos WG and the
kitten WG (under the aegis of the kitten WG).  In places, it
identifies which WG was previously home for that work."

I think that some text is required, for this and perhaps a
further update to the charter, should one occur in the
next year or two.

Tom Petch


> > > KDC Model (draft-ietf-krb-wg-kdc-model)
> >
> > Long overdue.  I have always preferred that this document shipped
> > together with an instantiation of it, such as an LDAP schema.  I based
> > my KDC backend database on an earlier version of this draft, but the
> > document has changed since then.  Without implementations it is
> > difficult to know whether there are flaws in the abstract model.
>
> It's certainly not going to ship "together with" a schema.  While I've
> heard various people speak in favor of having an LDAP schema over the
> years, including at the last krb-wg rechartering, there doesn't seem to
> be enough interest in actually working on it for anything to happen.
> The model document is nearly done (in the hands of the IESG, except for
> revisions Leif recently posted to the list on which there have _still_
> been no comments).  It's not going to sit around and wait for additional
> work that may never happen.
>
>
>
> > > PKINIT Hash Agility (draft-ietf-krb-wg-pkinit-alg-agility)
> > > Kerberos IANA Registry (draft-ietf-kitten-kerberos-iana-registries)
> > > Initial and Pass Through Authentication in Kerberos 5 (draft-ietf-krb-wg-iakerb)
> > > Unencrypted Portion of Ticket Extensions (draft-ietf-krb-wg-ticket-extensions)
> >
> > No objection.
>
> ... but will you work on any of these items?  Review them?
>
> IAKERB was basically done some time ago, but needs an editor to manage
> the document through the various review processes on the way to getting
> it published.
>
> Ticket Extensions is a mostly complete proposal which krb-wg adopted
> some years ago, and which has languished since due to lack of cycles.
> This document is at version -00, and will probably need a couple of
> editing cycles before it reaches WGLC; it would be nice to see someone
> step up to do that work.
>
>
> > > Define interfaces for better error message reporting.
> >
> > I'd rather not spend time on that.  Do we have a problem statement to
> > argue why this is important?
>
> The GSS-API's error reporting interfaces are somewhat clunky, to say the
> least.  It is certainly possible to get a complete set of error
> messages, but since there is no connection to a particular context, it
> is unnecessarily complex for the implementation to report contextualized
> errors, especially when multiple threads and/or mechanisms are involved.
> Additionally, there is no mechanism for localization of error message
> text.
>
>
>
> > Good idea -- will review.
> >
> > >       Cryptographic algorithms intended for standards track status must be of
> > >       good quality, have broad international support, and fill a definite need.
> >
> > IMHO this sentence is weasel-wording to motivate arbitrary decisions to
> > match some people's crypto preferences.  The IETF already has policies
> > around crypto (for example RFC 1984) that are sufficient motivation to
> > turn down obviously bad proposals.  When a proposal is not obviously
> > bad, I believe the WG should be able to review any proposal with
> > non-judgemental eyes.
>
> We had this discussion during krb-wg's last rechartering, and this
> wording is the result of that hard-won consensus.  It doesn't prevent
> the WG from reviewing any proposal and even taking on work to produce an
> informational document.
>
> It does constrain what can end up on the standards track.  In practice,
> I don't think the constraint is overly onerous.  For example, what kept
> Camellia from being published on the standards track was not this
> requirement, but the lack of consensus within the WG to recommend it.
>
>
>
> > > Goals and Milestones
> > > --------------------
> > >
> > > Jan 2013 draft-ietf-kitten-sasl-oauth to IESG
> > > Jan 2013 draft-ietf-krb-wg-kdc-model to IESG
> > > Feb 2013 draft-ietf-krb-wg-pkinit-alg-agility to IESG
> > > Feb 2013 draft-ietf-kitten-sasl-saml-ec to IESG
> > > Mar 2013 draft-ietf-krb-wg-iakerb to IESG
> > > Mar 2013 draft-ietf-kitten-gssapi-extensions-iana to IESG
> > > Apr 2013 draft-ietf-krb-wg-cammac to IESG
> > > Apr 2013 draft-ietf-kitten-kerberos-iana-registries to IESG
> > > May 2013 draft-ietf-krb-wg-pad to IESG
> > > May 2013 Adopt work on one or more items for GSS-API cred management
> > > Jun 2013 Adopt work on better error reporting in the GSS-API
> > > Jun 2013 Adopt work on exporting partially-established GSS-API contexts
> > > Jul 2013 draft-ietf-krb-wg-ticket-extensions to IESG
> > > Jul 2013 Adopt work on the GSS-API for replay cache avoidance
> >
> > I believe the targets are unrealistically optimistic, however my
> > perception is that the only purpose for having dates in the milestones
> > is to enable IESG to put pressure on WGs to deliver.  So I support
> > setting an aggressive timeline.
>
> I agree that some of these are pretty optimistic.  However, at least
> some of the early ones look OK.  For example, kdc-model, pkinit-agility,
> and iakerb should all already be done enough to make or beat those
> deadlines, so I have no objections to them.
>
> I can't speak to the GSS/SASL documents with early milestones, except
> that I do not believe the SASL OAuth document is ready to go -- it has a
> serious problem with the mechanism lying about mutual authentication,
> which I raised last month and to which I so far have seen no response.
>
> -- Jeff
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg