[Ietf-krb-wg] FAST draft 11 submitted

Sam Hartman <hartmans-ietf@mit.edu> Wed, 20 May 2009 19:18 UTC

Here are the major changes.
I believe most of these have received discussion on the list.

      The checksum member of the KrbFastFinished sequence has been
      removed.  A nonce field has been added to KrbFastResponse.
      The cookie no longer needs to be outside of FAST.  In fact, some
      security guarantees depend on the cookie being inside FAST now
      that the finish checksum has been removed.  Affected that change.
      Replace the rep-key field in KrbFastResponse with the strengthen-
      key field.  Per mailing list discussion, there are security
      advantages to strengthening the reply key.
      Clarify handling of authentication sets.
      Include the AD-fx-fast-used authorization data type.


In addition, I included appendix A, which contains test vectors for krb-fx-cf2.


Larry has not seen the note about random nonces or the test vector
appendix.  I suspect he'll agree with the content, although he'll
probably want to improve the formatting.

I believe that draft 11 is technically complete.  I expect to ask Jeff
for a working group last call as soon as Larry has reviewed.  I'd
definitely appreciate review of the changes in 11 to confirm that they
reflect consensus we've already achieved.