Kerberos Authorization Data Container Authenticated by Multiple Message Authentication Codes (MACs)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: "IETF-Announce" <email@example.com>
Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, "The IESG" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'Kerberos Authorization Data Container Authenticated by Multiple MACs' to Proposed Standard (draft-ietf-kitten-cammac-04.txt)

The IESG has approved the following document:
- 'Kerberos Authorization Data Container Authenticated by Multiple MACs' (draft-ietf-kitten-cammac-04.txt) as Proposed Standard

This document is the product of the Common Authentication Technology Next Generation Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-cammac/

Technical Summary

This document specifies a Kerberos Authorization Data container that supersedes AD-KDC-ISSUED. It allows for multiple Message Authentication Codes (MACs) or signatures to authenticate the contained Authorization Data elements. This document updates RFC 4120.

Working Group Summary

The review process for this document was quite spread out in time, with action occurring in occasional bursts. Almost all of the Kerberos experts who regularly participate in the WG have contributed to reviewing this document at some point in its history, but not necessarily all at the same time. There was a lot of discussion around the time of the initial few revisions, but then a lull in activity. Eventually it got a lot of review comments, which resulted in some (substantive, but relatively minor) changes to the specification. It was unclear what level of review those changes had received, after essentially no comments were received during a WGLC period for the -08, so we solicited further comments at that time, and got thorough review from two Kerberos experts, which the shepherd believes is sufficient. These post-WGLC reviews were largely editorial, but there were four issues of substance that were raised, two of which received heavy

There was a second last call for this document - an error was discovered when this was in the RFC editor queue, it was taken back to the WG and is now ready to jump all the hoops again.

Document Quality

There are not currently any implementations, but Red Hat and MIT plan to collaborate to produce an implementation. MIT has a partial implementation of an en/decoder for the ASN.1 types. (Not sure if that's still correct, but I guess it can't have gotten worse:-)

Personnel

The document shepherd is Benjamin Kaduk. The irresponsible Area Director is Stephen Farrell.