Encryption and Checksum Specifications for Kerberos 5
draft-ietf-krb-wg-crypto-07
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Thomas Narten |
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Allison Mankin |
2004-09-30
|
07 | Russ Housley | State Change Notice email list have been change to from |
2004-03-09
|
07 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-03-08
|
07 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-03-08
|
07 | Amy Vezza | IESG has approved the document |
2004-03-08
|
07 | Amy Vezza | Closed "Approve" ballot |
2004-03-03
|
07 | Russ Housley | State Changes to Approved-announcement to be sent from IESG Evaluation::Revised ID Needed by Russ Housley |
2004-03-03
|
07 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to No Objection from Discuss by Thomas Narten |
2004-02-11
|
07 | (System) | New version available: draft-ietf-krb-wg-crypto-07.txt |
2004-01-21
|
07 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to No Objection from Discuss by Allison Mankin |
2004-01-21
|
07 | Allison Mankin | [Ballot discuss] This is a "discuss" Discuss - This document does NOT indicate which mechanisms may be considered "required to implement". Since draft-ietf-krb-wg-kerberos-clarifications … [Ballot discuss] This is a "discuss" Discuss - This document does NOT indicate which mechanisms may be considered "required to implement". Since draft-ietf-krb-wg-kerberos-clarifications also does not specify which mechanisms are required to implement, should this document be asked to do so? It has some strong advice, so it seems that it would not be stretching so far Russ responds on 21 Jan: The requirements are a matter for the Kerberos protocol specs. The document is nearly complete, and the IESG should see it soon. So I clear my Discuss. . |
2004-01-09
|
07 | Russ Housley | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Russ Housley |
2004-01-09
|
07 | Russ Housley | Status date has been changed to 2004-01-09 from 2003-12-17 |
2004-01-08
|
07 | Amy Vezza | Removed from agenda for telechat - 2004-01-08 by Amy Vezza |
2004-01-08
|
07 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2004-01-08
|
07 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand |
2004-01-08
|
07 | Ned Freed | [Ballot Position Update] New position, No Objection, has been recorded for Ned Freed by Ned Freed |
2004-01-08
|
07 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
2004-01-08
|
07 | Bert Wijnen | [Ballot Position Update] Position for Bert Wijnen has been changed to No Objection from Undefined by Bert Wijnen |
2004-01-08
|
07 | Bert Wijnen | [Ballot comment] Missing IPR statement/section |
2004-01-08
|
07 | Bert Wijnen | [Ballot Position Update] New position, Undefined, has been recorded for Bert Wijnen by Bert Wijnen |
2004-01-08
|
07 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2004-01-08
|
07 | Thomas Narten | [Ballot discuss] This is a fairly weak discuss, but... The IANA Considerations could be more clear. > Two registries for numeric values should be … [Ballot discuss] This is a fairly weak discuss, but... The IANA Considerations could be more clear. > Two registries for numeric values should be created: Kerberos > Encryption Type Numbers and Kerberos Checksum Type Numbers. These > are signed 32-bit values in twos-complement form. Positive values up > to 2**31-1 inclusive should be assigned only for algorithms specified > in accordance with this specification for use with Kerberos or > related protocols. Negative values through -2**31 are for private > use; local and experimental algorithms should use these values. Zero > is reserved and may not be assigned. Why not use decimal numbers? For IANA (and web readers) twos-complement is hard to understand. I would understand the need for this if there was backwards compatability issues with on-the-wire stuff, but can't the numbers be described independent of encoding? (I can't recall right off a single IANA registry dealing with two's complement values...) > Specifications in Informational RFCs may be assigned values after > Expert Review. A non-IETF specification may be assigned values by What about experimental RFCs? Better: s/informational/non-standards track/ > Draft IETF specifications should not include values for encryption > and checksum type numbers. Instead, they should indicate that values s/Draft IETF ../ Internet-Drafts / or some such > Smaller encryption type values, which encode to smaller octet strings > under ASN.1, should be used for IETF standards-track mechanisms, and > much higher values (hex 0x1000000 and above) for other mechanisms. > No other guidance into allocation order is given. Can this be made more simple for IANA? |
2004-01-08
|
07 | Thomas Narten | [Ballot Position Update] New position, Discuss, has been recorded for Thomas Narten by Thomas Narten |
2004-01-08
|
07 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson |
2004-01-07
|
07 | Allison Mankin | [Ballot comment] The IMPLEMENTATION NOTE under the definition of initial cipher state talks about "This new specification" preventing applications from setting the DES CBC initial … [Ballot comment] The IMPLEMENTATION NOTE under the definition of initial cipher state talks about "This new specification" preventing applications from setting the DES CBC initial cipher state themselves. It's hard to tell if the author means the present document, which doesn't specify processing to that level, or kerberos-clarifications, which also doesn't seem to do so. If the author wants to use the present spec to direct new rules for handling algorithms, that seems fine, but the language needs to be more directive. This spec doesn't have draft-ietf-krb-wg-kerberos-clarifications in its references, unless I've missed something. |
2004-01-07
|
07 | Allison Mankin | [Ballot discuss] This is a "discuss" Discuss - This document does NOT indicate which mechanisms may be considered "required to implement". Since draft-ietf-krb-wg-kerberos-clarifications … [Ballot discuss] This is a "discuss" Discuss - This document does NOT indicate which mechanisms may be considered "required to implement". Since draft-ietf-krb-wg-kerberos-clarifications also does not specify which mechanisms are required to implement, should this document be asked to do so? It has some strong advice, so it seems that it would not be stretching so far. |
2004-01-07
|
07 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to Discuss from Undefined by Allison Mankin |
2004-01-07
|
07 | Allison Mankin | [Ballot Position Update] New position, Undefined, has been recorded for Allison Mankin by Allison Mankin |
2004-01-07
|
07 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman |
2004-01-06
|
07 | Steven Bellovin | [Ballot Position Update] New position, No Objection, has been recorded for Steve Bellovin by Steve Bellovin |
2004-01-06
|
07 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Undefined by Ted Hardie |
2004-01-06
|
07 | Ted Hardie | [Ballot comment] Section 6.2 says: The DES specifications [DESI81] identify four 'weak' and twelve 'semi-weak' keys; those keys shall not be used for … [Ballot comment] Section 6.2 says: The DES specifications [DESI81] identify four 'weak' and twelve 'semi-weak' keys; those keys shall not be used for encrypting messages for use in Kerberos. Is this a SHALL NOT equivalent statement? That same section says: One common extension is to support the "AFS string-to-key" algorithm, which is not defined here, if the type value above is one (1). Is there an available reference for the "AFS string-to-key" algorithm? In general, I find the string-to-key text a little light. In the terminology section it is given as: string-to-key (UTF-8 string, UTF-8 string, opaque)->(protocol-key) This function generates a key from two UTF-8 strings and an opaque octet string. One of the strings is normally the principal's pass phrase, but is in general merely a secret string. While this seems to be fine in principle, I wonder if there might not be an early step "somestring-to-utf8string" for cases where the overall system was not provided the initial string in UTF-8. I am not suggesting that this document should cover that ground, but it does seem like explicit recognition of that step might reinforce the idea that string-to-key starts from a UTF-8 string *not* from a locale-specific encoding. See also 6.3.1, which might be taken to imply that all passwords are UTF-8. In Section A.4, The draft has this example: salt: "ATHENA.MIT.EDUJuri" + s-caron + "i" + c-acute passwd: eszett key: 16d5a40e1ce3bacb61b9dce00470324c831973a7b952feb0 Assuming that the salt given actually intends to represent UTF-8 characters outside the ASCII range (rather than the literal text "c-acute" and so forth), I would suggest using the U+XXXX method of referencing the input characters. That would result in a line like: salt: "ATHENA.MIT.EDUJuri"+"U+0161" + "i" + "U+0107" rendering the whole thing U+XXXX format would also be possible, if a bit tedious. |
2004-01-06
|
07 | Ted Hardie | [Ballot comment] Section 6.2 says: The DES specifications [DESI81] identify four 'weak' and twelve 'semi-weak' keys; those keys shall not be used for … [Ballot comment] Section 6.2 says: The DES specifications [DESI81] identify four 'weak' and twelve 'semi-weak' keys; those keys shall not be used for encrypting messages for use in Kerberos. Is this a SHALL NOT equivalent statement? That same section says: One common extension is to support the "AFS string-to-key" algorithm, which is not defined here, if the type value above is one (1). Is there an available reference for the "AFS string-to-key" algorithm? In general, I find the string-to-key text a little light. In the terminology section it is given as: string-to-key (UTF-8 string, UTF-8 string, opaque)->(protocol-key) This function generates a key from two UTF-8 strings and an opaque octet string. One of the strings is normally the principal's pass phrase, but is in general merely a secret string. While this seems to be fine in principle, I wonder if there might not be an early step "somestring-to-utf8string" for cases where the overall system was not provided the initial string in UTF-8. I am not suggesting that this document should cover that ground, but it does seem like explicit recognition of that step might reinforce the idea that string-to-key starts from a UTF-8 string *not* from a locale-specific encoding. |
2004-01-06
|
07 | Ted Hardie | [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie |
2003-12-17
|
07 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead::Revised ID Needed by Russ Housley |
2003-12-17
|
07 | Russ Housley | Status date has been changed to 2003-12-17 from 2003-10-08 |
2003-12-17
|
07 | Russ Housley | Placed on agenda for telechat - 2004-01-08 by Russ Housley |
2003-12-17
|
07 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
2003-12-17
|
07 | Russ Housley | Ballot has been issued by Russ Housley |
2003-12-17
|
07 | Russ Housley | Created "Approve" ballot |
2003-12-17
|
07 | (System) | Ballot writeup text was added |
2003-12-17
|
07 | (System) | Last call text was added |
2003-12-17
|
07 | (System) | Ballot approval text was added |
2003-10-27
|
06 | (System) | New version available: draft-ietf-krb-wg-crypto-06.txt |
2003-10-08
|
07 | Russ Housley | State Changes to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for Writeup by Russ Housley |
2003-10-08
|
07 | Russ Housley | Status date has been changed to 2003-10-08 from 2003-05-08 |
2003-09-22
|
07 | (System) | State has been changed to Waiting for Writeup from In Last Call by system |
2003-09-08
|
07 | Michael Lee | Last call sent |
2003-09-08
|
07 | Michael Lee | State Changes to In Last Call from Last Call Requested by Michael Lee |
2003-08-07
|
07 | Russ Housley | State Changes to Last Call Requested from AD Evaluation by Russ Housley |
2003-07-22
|
07 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Housley, Russ |
2003-07-09
|
07 | Natalia Syracuse | State Changes to Publication Requested from AD Evaluation by Syracuse, Natalia |
2003-06-11
|
05 | (System) | New version available: draft-ietf-krb-wg-crypto-05.txt |
2003-05-23
|
07 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Housley, Russ |
2003-05-08
|
07 | Russ Housley | Draft Added by Housley, Russ |
2003-04-04
|
04 | (System) | New version available: draft-ietf-krb-wg-crypto-04.txt |
2003-02-26
|
03 | (System) | New version available: draft-ietf-krb-wg-crypto-03.txt |
2002-10-23
|
02 | (System) | New version available: draft-ietf-krb-wg-crypto-02.txt |
2002-05-06
|
01 | (System) | New version available: draft-ietf-krb-wg-crypto-01.txt |
2002-01-10
|
00 | (System) | New version available: draft-ietf-krb-wg-crypto-00.txt |