Advanced Encryption Standard (AES) Encryption for Kerberos 5
draft-raeburn-krb-rijndael-krb-07
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Scott Hollenbeck |
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Ted Hardie |
2004-09-30
|
07 | Russ Housley | State Change Notice email list have been change to , from |
2004-08-10
|
07 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-08-09
|
07 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-08-09
|
07 | Amy Vezza | IESG has approved the document |
2004-08-09
|
07 | Amy Vezza | Closed "Approve" ballot |
2004-08-09
|
07 | Russ Housley | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley |
2004-08-09
|
07 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Discuss by Ted Hardie |
2004-08-04
|
07 | Scott Hollenbeck | [Ballot Position Update] Position for Scott Hollenbeck has been changed to No Objection from Discuss by Scott Hollenbeck |
2004-07-21
|
07 | (System) | New version available: draft-raeburn-krb-rijndael-krb-07.txt |
2004-07-09
|
07 | (System) | Removed from agenda for telechat - 2004-07-08 |
2004-07-08
|
07 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2004-07-08
|
07 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Amy Vezza |
2004-07-08
|
07 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by Amy Vezza |
2004-07-08
|
07 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman |
2004-07-08
|
07 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
2004-07-08
|
07 | Allison Mankin | [Ballot comment] I see this document is blocking its ref KRYPTO in the rfc-editor queue - hopefully the rfc-ed will resolve the ref quickly, even … [Ballot comment] I see this document is blocking its ref KRYPTO in the rfc-editor queue - hopefully the rfc-ed will resolve the ref quickly, even though the ref has an xx in place of 06. There's a nice dependendency that will resolve out of this doc. |
2004-07-08
|
07 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to No Objection from Undefined by Allison Mankin |
2004-07-08
|
07 | Allison Mankin | [Ballot comment] Was this a krb-wg document? Since its title is not typical, it would be good for the writeup to give assurance on the … [Ballot comment] Was this a krb-wg document? Since its title is not typical, it would be good for the writeup to give assurance on the degree of consensus. About the above - it's not possible to delete a comment (!) even after one reads the writeup better!!! |
2004-07-08
|
07 | Allison Mankin | [Ballot comment] Was this a krb-wg document? Since its title is not typical, it would be good for the writeup to give assurance on the … [Ballot comment] Was this a krb-wg document? Since its title is not typical, it would be good for the writeup to give assurance on the degree of consensus. |
2004-07-08
|
07 | Allison Mankin | [Ballot Position Update] New position, Undefined, has been recorded for Allison Mankin by Allison Mankin |
2004-07-08
|
07 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2004-07-06
|
07 | Steven Bellovin | [Ballot Position Update] New position, No Objection, has been recorded for Steve Bellovin by Steve Bellovin |
2004-07-06
|
07 | Ted Hardie | [Ballot comment] In Section 4, the draft says: For environments where slower hardware is the norm, implementations may wish to limit the number … [Ballot comment] In Section 4, the draft says: For environments where slower hardware is the norm, implementations may wish to limit the number of iterations to prevent a spoofed response from consuming lots of client-side CPU time; It would be valuable to tie back into Kerberos spec here, as "spoofed response" appears here without reference to what part of the Kerberos exchange is at issue. In the Security Considerations, the draft says: A better way to deal with the brute-force attack is through preauthentication mechanisms that provide better protection of the user's long-term key. Use of such mechanisms is out of scope for this document. If a site does wish to use this means of protection against a brute- force attack, the iteration count should be chosen based on the facilities expected to be available to an attacker, and the amount of work the attacker should be required to perform to acquire the key or password. Would it not need to be "chosen based on the facilities available to both attacker and legitimate user"? If the attackers are presumed to have much greater facilities than the legitimate end user, relatively frequent password and salt changes may be needed to compensate, but it is still possible to take the legitimate user's facilities into account. |
2004-07-06
|
07 | Ted Hardie | [Ballot comment] In Section 4, the draft says: For environments where slower hardware is the norm, implementations may wish to limit the number … [Ballot comment] In Section 4, the draft says: For environments where slower hardware is the norm, implementations may wish to limit the number of iterations to prevent a spoofed response from consuming lots of client-side CPU time; It would be valuable to tie back into KRB spec here, as "spoofed response" appears here without reference to what part of the Kerberos exchange is at issue. In the Security Considerations, the draft says: A better way to deal with the brute-force attack is through preauthentication mechanisms that provide better protection of the user's long-term key. Use of such mechanisms is out of scope for this document. If a site does wish to use this means of protection against a brute- force attack, the iteration count should be chosen based on the facilities expected to be available to an attacker, and the amount of work the attacker should be required to perform to acquire the key or password. Would it not need to be "chosen bad on the facilities available to both attacker and legitimate user"? If the attackers are presumed to have much greater facilities than the legitimate end user, relatively frequent password and salt changes may be needed to compensate, but it is still possible to take the legitimate user's facilities into account. |
2004-07-06
|
07 | Ted Hardie | [Ballot discuss] I'm concerned about the way the document specifies the errata in 2040; the text does not seem to match http://www.rfc-editor.org/cgi-bin/errataSearch.pl?rfc=2040& The last erratum … [Ballot discuss] I'm concerned about the way the document specifies the errata in 2040; the text does not seem to match http://www.rfc-editor.org/cgi-bin/errataSearch.pl?rfc=2040& The last erratum does not appear to exist in the RFC Editor's errataSearch. The right, but no doubt painful answer, is probably to update 2040 so that the errata are not needed. Short of that, it seems like the right thing to do is to make clear which set of errata are normative for this document and whether they would be normative for any other use of 2040. |
2004-07-06
|
07 | Ted Hardie | [Ballot Position Update] New position, Discuss, has been recorded for Ted Hardie by Ted Hardie |
2004-06-25
|
07 | Scott Hollenbeck | [Ballot discuss] Section 2 mentions RFC 2119 as the source for key word definitions, but 2119 is not cited as a normative reference. It should … [Ballot discuss] Section 2 mentions RFC 2119 as the source for key word definitions, but 2119 is not cited as a normative reference. It should be if the intention is to use those key words. However, I can't find any of the upper-case key words used in the document! There are several uses of some of the words in lower case, though, so I'm not sure of how to interpret the conformance requirements. |
2004-06-25
|
07 | Scott Hollenbeck | [Ballot Position Update] Position for Scott Hollenbeck has been changed to Discuss from Undefined by Scott Hollenbeck |
2004-06-25
|
07 | Scott Hollenbeck | [Ballot comment] The "Comments should be sent to the author, or to the IETF Kerberos working group (ietf-krb-wg@anl.gov)." text at the end of … [Ballot comment] The "Comments should be sent to the author, or to the IETF Kerberos working group (ietf-krb-wg@anl.gov)." text at the end of the abstract should be removed. The second-to-last paragraph in section 4 uses "NOT" in a way that makes it look like a 2119 key word. It isn't, though, so it would be better used in lower case text. |
2004-06-25
|
07 | Scott Hollenbeck | [Ballot Position Update] New position, Undefined, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
2004-06-23
|
07 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
2004-06-23
|
07 | Russ Housley | Ballot has been issued by Russ Housley |
2004-06-23
|
07 | Russ Housley | Created "Approve" ballot |
2004-06-23
|
07 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Russ Housley |
2004-06-23
|
07 | Russ Housley | Placed on agenda for telechat - 2004-07-08 by Russ Housley |
2004-05-06
|
07 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2004-04-22
|
06 | (System) | New version available: draft-raeburn-krb-rijndael-krb-06.txt |
2004-04-13
|
07 | Amy Vezza | Last call sent |
2004-04-13
|
07 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2004-04-11
|
07 | Russ Housley | Last Call was requested by Russ Housley |
2004-04-11
|
07 | Russ Housley | State Changes to Last Call Requested from AD Evaluation by Russ Housley |
2004-04-11
|
07 | (System) | Ballot writeup text was added |
2004-04-11
|
07 | (System) | Last call text was added |
2004-04-11
|
07 | (System) | Ballot approval text was added |
2004-04-04
|
07 | Russ Housley | State Changes to AD Evaluation from AD Evaluation::AD Followup by Russ Housley |
2004-03-25
|
07 | Russ Housley | I requested confirmation that the test vectors in the document are correct on 08-Oct-2003. I am still waiting. Two reminders have been sent. The most … I requested confirmation that the test vectors in the document are correct on 08-Oct-2003. I am still waiting. Two reminders have been sent. The most recent was sent today. |
2003-10-09
|
07 | Russ Housley | State Changes to AD Evaluation::AD Followup from AD Evaluation by Russ Housley |
2003-07-22
|
07 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Housley, Russ |
2003-07-07
|
07 | Russ Housley | Draft Added by Housley, Russ |
2003-06-23
|
05 | (System) | New version available: draft-raeburn-krb-rijndael-krb-05.txt |
2003-06-11
|
04 | (System) | New version available: draft-raeburn-krb-rijndael-krb-04.txt |
2003-02-26
|
03 | (System) | New version available: draft-raeburn-krb-rijndael-krb-03.txt |
2002-11-05
|
02 | (System) | New version available: draft-raeburn-krb-rijndael-krb-02.txt |
2001-07-03
|
01 | (System) | New version available: draft-raeburn-krb-rijndael-krb-01.txt |
2000-11-21
|
00 | (System) | New version available: draft-raeburn-krb-rijndael-krb-00.txt |