[Ietf-krb-wg] Protocol Action: 'Kerberos Principal Name Canonicalization and KDC-Generated Cross-Realm Referrals' to Proposed Standard (draft-ietf-krb-wg-kerberos-referrals-15.txt)

The IESG <iesg-secretary@ietf.org> Mon, 01 October 2012 18:52 UTC

To: IETF-Announce <ietf-announce@ietf.org>
Cc: krb-wg mailing list <ietf-krb-wg@lists.anl.gov>, krb-wg chair <krb-wg-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'Kerberos Principal Name Canonicalization and KDC-Generated Cross-Realm
   Referrals'
  (draft-ietf-krb-wg-kerberos-referrals-15.txt) as Proposed Standard

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-kerberos-referrals/




Technical Summary

  The memo documents a method for a Kerberos Key Distribution Center
  (KDC) to respond to client requests for Kerberos tickets when the
  client does not have detailed configuration information on the realms
  of users or services.  The KDC will handle requests for principals in
  other realms by returning either a referral error or a cross-realm
  TGT to another realm on the referral path.  The clients will use this
  referral information to reach the realm of the target principal and
  then receive the ticket.  This memo also provides a mechanism for
  verifying that a request has not been tampered with in transit.

Working Group Summary

  This document represents the consensus of the Kerberos Working Group.
  Having been under development for quite some time, it has a long
  and somewhat complex history and has gone through several changes in
  editorship.  It has been discussed extensively and there has been
  ongoing support for the functionality added by this document.

  Over its life, this document has undergone a number of changes.
  Most recently, it has been reworked to take advantage of other
  work done in the working group since work on this document began,
  resulting in a considerably simpler document which is easier both
  to understand and to implement.
 
  Some features which were originally planned for this document or
  added during its development have been removed.  In some cases,
  this is to better align with existing and planned implementations.
  In others, it is because the working group has not yet been able
  to produce satisfactory solutions to certain problems, and so has
  decided to defer work on those issues.

Document Quality

  At least two major implementations support the Kerberos protocol
  extensions defined in this document.

Personnel

  The Document Shepherd for this document is Jeffrey Hutzelman.
  The responsible Area Director is Stephen Farrell.

RFC Editor Note

(1)  Please insert expansions for the following acronyms:
  - Abstract:  TGT => Ticket Granting Ticket
  - Section 1, Paragraph 1: AS => Authentication Service
  - Section 1, Paragraph 1: TGS => Ticket Granting Service
  - Section 1, Paragraph 2: KDC => Key Distribution Center 

(2) In section 11, 2nd last para, last sentence:

OLD:

   The value for
   this padata item should be empty.

NEW:

   The padata item MUST be empty on sending
   and the contents of the padata item MUST be ignored on receiving

(3) Section 6, in the ASN.1 fragment on page 9:

OLD:

     login-aliases  [0] SEQUENCE(1..MAX) OF PrincipalName,

NEW:

     login-aliases  [0] SEQUENCE (SIZE (1..MAX)) OF PrincipalName,

(4) Section 11, 3rd para:

OLD:

   The KDC response is extended

NEW: 

   The KDC response [RFC4120] is extended
