Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)
RFC 2712

Document Type RFC - Proposed Standard (October 1999; Errata)
Authors Ari Medvinsky  , Matt Hur 
Last updated 2018-07-21
Stream Internent Engineering Task Force (IETF)
Formats plain text html pdf htmlized (tools) htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2712 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                      A. Medvinsky
Request for Comments: 2712                                       Excite
Category: Standards Track                                        M. Hur
                                                  CyberSafe Corporation
                                                           October 1999

  Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

IESG Note:

   The 40-bit ciphersuites defined in this memo are included only for
   the purpose of documenting the fact that those ciphersuite codes have
   already been assigned.  40-bit ciphersuites were designed to comply
   with US-centric, and now obsolete, export restrictions.  They were
   never secure, and nowadays are inadequate even for casual
   applications.  Implementation and use of the 40-bit ciphersuites
   defined in this document, and elsewhere, is strongly discouraged.

1. Abstract

   This document proposes the addition of new cipher suites to the TLS
   protocol [1] to support Kerberos-based authentication.  Kerberos
   credentials are used to achieve mutual authentication and to
   establish a master secret which is subsequently used to secure
   client-server communication.

2. Introduction

   Flexibility is one of the main strengths of the TLS protocol.
   Clients and servers can negotiate cipher suites to meet specific
   security and administrative policies.  However, to date,
   authentication in TLS is limited only to public key solutions.  As a
   result, TLS does not fully support organizations with heterogeneous
   security deployments that include authentication systems based on
   symmetric cryptography.  Kerberos, originally developed at MIT, is

Medvinsky & Hur             Standards Track                     [Page 1]
RFC 2712       Addition of Kerberos Cipher Suites to TLS   October 1999

   based on an open standard [2] and is the most widely deployed
   symmetric key authentication system.  This document proposes a new
   option for negotiating Kerberos authentication within the TLS
   framework.  This achieves mutual authentication and the establishment
   of a master secret using Kerberos credentials.  The proposed changes
   are minimal and, in fact, no different from adding a new public key
   algorithm to the TLS framework.

3. Kerberos Authentication Option In TLS

   This section describes the addition of the Kerberos authentication
   option to the TLS protocol.  Throughout this document, we refer to
   the basic SSL handshake shown in Figure 1.  For a review of the TLS
   handshake see [1].

  CLIENT                                             SERVER
  ------                                             ------
                                                     Certificate *
 change cipher spec
     |              -------------------------------->
     |                                               change cipher spec
     |                                               Finished
     |                                                   |
     |                                                   |
 Application Data   <------------------------------->Application Data

 FIGURE 1: The TLS protocol.  All messages followed by a star are
           optional.  Note: This figure was taken from an IETF document

   The TLS security context is negotiated in the client and server hello
   messages.  For example: TLS_RSA_WITH_RC4_MD5 means the initial
   authentication will be done using the RSA public key algorithm, RC4
   will be used for the session key, and MACs will be based on the MD5
   algorithm.  Thus, to facilitate the Kerberos authentication option,
   we must start by defining new cipher suites including (but not
   limited to):

Medvinsky & Hur             Standards Track                     [Page 2]
RFC 2712       Addition of Kerberos Cipher Suites to TLS   October 1999

 CipherSuite      TLS_KRB5_WITH_DES_CBC_SHA            = { 0x00,0x1E };
 CipherSuite      TLS_KRB5_WITH_3DES_EDE_CBC_SHA       = { 0x00,0x1F };
Show full document text