A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>,
    RFC Editor <firstname.lastname@example.org>,
    kitten mailing list <email@example.com>,
    kitten chair <firstname.lastname@example.org>
Subject: Protocol Action: 'A PRF API extension for the GSS-API' to Proposed Standard

The IESG has approved the following documents:

- 'A PRF API extension for the GSS-API'
  <draft-ietf-kitten-gssapi-prf-08.txt> as a Proposed Standard
- 'A PRF for the Kerberos V GSS-API Mechanism'
  <draft-ietf-kitten-krb5-gssapi-prf-05.txt> as a Proposed Standard

These documents are products of the Kitten (GSS-API Next Generation) Working Group.

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-prf-08.txt

Technical Summary

These documents define a Pseudo-Random Function (PRF) extension to the Generic Security Service Application Programming Interface (GSS-API) for keying application protocols given an established GSS-API security context and provide an implementation of that extension for the Kerberos V mechanism. The primary intended use of this function is to key secure session layers that don't or cannot use GSS-API per-message MIC (message integrity check) and wrap tokens for session

Working Group Summary

The Kitten working group participants are solidly behind this document. There were two areas of contention during its development. First, representatives of the Samba team desired that the PRF be designed to be compatible with the key export methods implemented by Microsoft for use with CIFS. The working group consensus was that following Microsoft's direction would have compromised the security and usefulness of the PRF functionality. Second, there was a desire to include a Java Binding for the prf() method. The Java Binding was removed from the document due to both a technical disagreement within the working group related to how it should be implemented as well as conflicts between IETF and Java Community Process processes.

Protocol Quality

There are no shipping implementations of this extension although there has been broad review and no concerns have been raised regarding the ability to implement the interfaces defined. Several vendors including MIT's Kerberos team, Heimdal and Sun Microsystems have indicated a desire to implement the extension. Ken Raeburn, Uri Blumenthal and Joe Salowey provided significant review. This document has been reviewed for the IESG by Sam Hartman.

Note to RFC Editor

In draft-ietf-kitten-krb5-gssapi-prf, replace the citation to [rfc1964] with a citation to [cfx] and remove the reference entry for [rfc1964]. Just before section 2, delete the paragraph beginning "mechanisms may limit the output" and ending with "requested."

In draft-ietf-kitten-gssapi-prf, replace the reference to RFC 1750 with a reference to RFC 4086.