[Ietf-krb-wg] Rechartering

Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 16 March 2011 04:31 UTC

OK, folks.  Below is draft 00 of a proposed charter update for the
Kerberos working group.  I think this covers nearly all of the proposals
I'm aware of, with the exception of KX509, which is missing from this
draft only because I'm tired and haven't figured out how to write it up.

A couple of notes...

- This covers only the "Description of Working Group" part of the
  charter, which should be the only part needing group discussion.
  Milestones will be by agreement between the chairs, authors, and AD,
  and the rest is formulaic.

- I believe we work most effectively with a set of reasonable focused
  tasks, rather than a broad unrestricted mandate.  Therefore, the
  work items in this proposal tend to be fairly focused.  The major
  exception is enctype work, because it has been clearly demonstrated
  that we need the flexibility to adopt or review work in this area
  as needed and on an ongoing basis.

- Generally, I believe working groups should be chartered to solve
  specific problems, rather than to work on specific documents.  I
  also believe that charters should usually leave the working group
  free to choose the most appropriate solution or to develop more than
  one solution when circumstances warrant.  Therefore, the work items
  in this proposal tend to focus on a problem without mandating any
  particular solution, and except for the "Complete existing work"
  item, do not name specific documents.

- Formally, charter updates do not require working group consensus;
  rather, they are a matter for the IESG and the responsible AD.
  However, in practice, a charter which is supported by a consensus
  of the working group is likely to be adopted with little difficulty,
  especially if there is demonstrated support in the form of volunteers
  willing to contribute to, edit, and review documents.  Therefore, I
  intend to send this on only when I believe that such a consensus and
  support exists.

Please send any comments to me and/or to the list.

-- Jeff

Description of Working Group:

Kerberos over the years has been ported to virtually every operating
system.  There are at least two open source versions, with numerous
commercial versions based on these and other proprietary implementations.
Kerberos evolution has continued in recent years, with the development
of new crypto and preauthentication frameworks, support for initial
authentication using public keys, improved support for protecting
clients' long-term keys during initial authentication, support for
anonymous and partially-anonymous authentication, and numerous
extensions developed in and out of the IETF.

However, wider deployment and advances in technology bring with them
both new challenges and new opportunities, such as exploring support
for new mechanisms for initial authentication, new cryptographic
technologies, and better integration of Kerberos with other systems
for authentication, authorization, and identity management.
In addition, several key features remain undefined.

The Kerberos Working Group will continue to improve the core Kerberos
specification, develop extensions to address new needs and technologies
related to the areas described above, and produce specifications for
missing functionality.


Specifically, the Working Group will:

* Complete existing work, including:
   - DHCP Option               (draft-sakane-dhc-dhcpv6-kdc-option-09.txt)
   - KDC Data Model            (draft-ietf-krb-wg-kdc-model-08.txt)
   - One-Time Passwords        (draft-ietf-krb-wg-otp-preauth-13.txt)
   - IAKERB                    (draft-ietf-krb-wg-iakerb-02.txt)
   - Single-DES Deprecation    (draft-lha-des-die-die-die-05.txt)

   - Hash agility for GSS-KRB5 (draft-ietf-krb-wg-gss-cb-hash-agility-05.txt)
   - Hash agility for PKINIT   (draft-ietf-krb-wg-pkinit-alg-agility-04.txt)
   - Referrals                 (draft-ietf-krb-wg-kerberos-referrals-11.txt)
   - Set/Change Password       (draft-ietf-krb-wg-kerberos-set-passwd-06.txt)

* Prepare and advance one or more standards-track specifications which
  update the Kerberos version 5 protocol in a backward-compatible way
  to support non-ASCII principal and realm names, salt strings, and
  passwords, and localized error reporting.
  
* Prepare and advance one or more standards-track specifications which
  update the Kerberos version 5 protocol in a backward-compatible way
  to enable future protocol revisions and extensions.

* Prepare, review, and advance standards-track and informational
  specifications defining use of new cryptographic algorithms in the
  Kerberos protocol, on an ongoing basis.

* Prepare and advance one or more standards-track specifications
  defining a generalized Principal Authorization Data (PAD) structure
  for conveying authorization-related information.

* Prepare and advance one or more standards-track specifications
  which define mechanisms for establishing keys and configuration
  information used during authentication between Kerberos realms.
  
* Prepare and advance a standards-track specification defining a
  format for the transport of Kerberos credentials within other
  protocols.

* Produce an LDAP schema for management of the KDC's database.

