[Ietf-krb-wg] WG Action: RECHARTER: Kerberos (krb-wg)
IESG Secretary <iesg-secretary@ietf.org> Tue, 28 June 2011 16:45 UTC
To: IETF Announcement list <ietf-announce@ietf.org>
Date: Tue, 28 Jun 2011 09:45:49 -0700
Cc: ietf-krb-wg@lists.anl.gov, hartmans-ietf@mit.edu, jhutz@cmu.edu

The Kerberos (krb-wg) working group in the Security Area of the IETF has been rechartered. For additional information, please contact the Area Directors or the working group Chairs.

Kerberos (krb-wg)
--------------------------------------------------
Current Status: Active Working Group

Chairs:
  Sam Hartman <hartmans-ietf@mit.edu>
  Jeffrey Hutzelman <jhutz@cmu.edu>
  Larry Zhu <larry.zhu@microsoft.com>

Security Area Directors:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>
  Sean Turner <turners@ieca.com>

Security Area Advisor:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>

Mailing Lists:
  General Discussion: ietf-krb-wg@lists.anl.gov
  To Subscribe: https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
  Archive: https://lists.anl.gov/pipermail/ietf-krb-wg/

Description of Working Group:

Kerberos over the years has been ported to virtually every operating system. There are at least two open source versions, with numerous commercial versions based on these and other proprietary implementations. Kerberos evolution has continued in recent years, with the development of new crypto and preauthentication frameworks, support for initial authentication using public keys, improved support for protecting clients' long-term keys during initial authentication, support for anonymous and partially-anonymous authentication, and numerous extensions developed in and out of the IETF.

However, wider deployment and advances in technology bring with them both new challenges and new opportunities, such as exploring support for new mechanisms for initial authentication, new cryptographic technologies, and better integration of Kerberos with other systems for authentication, authorization, and identity management. In addition, several key features remain undefined.

The Kerberos Working Group will continue to improve the core Kerberos specification, develop extensions to address new needs and technologies related to the areas described above, and produce specifications for missing functionality.

Specifically, the Working Group will:

* Complete existing work, including:
  - DHCP Option (draft-sakane-dhc-dhcpv6-kdc-option-10.txt)
  - KDC Data Model (draft-ietf-krb-wg-kdc-model-09.txt)
  - One-Time Passwords (draft-ietf-krb-wg-otp-preauth-16.txt)
  - IAKERB (draft-ietf-krb-wg-iakerb-02.txt)
  - Single-DES Deprecation (draft-lha-des-die-die-die-05.txt)
  - IANA registry creation (draft-lha-krb-wg-some-numbers-to-iana)
  - Hash agility for GSS-KRB5 (draft-ietf-krb-wg-gss-cb-hash-agility-06.txt)
  - Hash agility for PKINIT (draft-ietf-krb-wg-pkinit-alg-agility-05.txt)
  - Referrals (draft-ietf-krb-wg-kerberos-referrals-12.txt)
  - Set/Change Password (draft-ietf-krb-wg-kerberos-set-passwd-08.txt)

* Prepare and advance one or more standards-track specifications which update the Kerberos version 5 protocol to support non-ASCII principal and realm names, salt strings, and passwords, and localized error reporting. Maximizing backward compatibility is strongly desired.

* Prepare and advance one or more standards-track specifications which update the Kerberos version 5 protocol in a backward-compatible way to support extending the unencrypted portion of a Kerberos ticket.

* Prepare, review, and advance standards-track and informational specifications defining use of new cryptographic algorithms in the Kerberos protocol, on an ongoing basis.

* Prepare, review, and advance standards-track and informational specifications defining use of new cryptographic algorithms in Kerberos using the RFC3961 framework. Cryptographic algorithms intended for standards track status must be of good quality, have broad international support, and fill a definite need.

* Prepare, review, and advance standards-track and informational specifications defining new authorization data types for carrying supplemental information about the client to which a Kerberos ticket has been issued and/or restrictions on what the ticket can be used for. To enhance this ongoing authorization data work, a container format supporting the use cases of draft-sorce-krbwg-general-pac-01 may be standardized.

* Prepare a standards-track protocol to solve the use cases addressed by draft-hotz-kx509-01 including new support for digital signatures.

* Prepare and advance one or more standards-track specifications which define mechanisms for establishing keys and configuration information used during authentication between Kerberos realms.

* Prepare and advance a standards-track specification defining a format for the transport of Kerberos credentials within other protocols.

* Today Kerberos requires a replay cache to be used in AP exchanges in almost all cases. Replay caches are quite complex to implement correctly, particularly in clustered systems. High-performance replay caches are even more difficult to implement. The WG will pursue extensions to minimize the need for replay caching, optimize replay caching, and/or elide the need for replay caching.

* Produce an LDAP schema for management of the KDC's database.

Goals and Milestones:

  Oct 2011  Internationalized error support to IESG
  Dec 2011  Kerberos PAD authorization data to IESG
  Aug 2011  draft-ietf-krb-wg-clear-text-cred to IESG
  Aug 2011  draft-ietf-krbwg-camellia-cts to IESG
  Sep 2011  DHCP option for Kerberos to IESG
  Dec 2011  Consider adopting kx509bis in response to use cases in draft-hotz-kx509-01
  Aug 2011  draft-ietf-krb-wg-des-die-die-die to IESG
  Oct 2011  draft-ietf-krb-wg-pkinit-alg-agility to IESG