Kerberos (krb-wg)


In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       Additional KRB-WG Web Page

Last Modified: 2006-10-17

Additional information is available at tools.ietf.org/wg/krb-wg

Chair(s):

  • Jeffrey Hutzelman <jhutz@cmu.edu>

    Security Area Director(s):

  • Russ Housley <housley@vigilsec.com>
  • Sam Hartman <hartmans-ietf@mit.edu>

    Security Area Advisor:

  • Sam Hartman <hartmans-ietf@mit.edu>

    Mailing Lists:

    General Discussion: ietf-krb-wg@anl.gov
    To Subscribe: majordomo@anl.gov
    In Body: subscribe ietf-krb-wg your_email_address
    Archive: ftp://ftp.ietf.org/ietf-mail-archive/krb-wg/

    Description of Working Group:

    Kerberos over the years has been ported to virtually every operating
    system. There are at least two open source versions, with numerous
    commercial versions based on these and other proprietary
    implementations. Kerberos evolution has continued over the years, and
    interoperability has been problematic.  A number of draft proposals
    have been issued concerning aspects of new or extended functionality.

    The group will strive to improve the interoperability of these
    systems while improving security.

    Specifically, the Working Group will:

    * Clarify and amplify the Kerberos specification (RFC 1510) to make sure
      interoperability problems encountered in the past that occurred
      because of unclear specifications do not happen again.  The output of
      this process should be suitable for Draft Standard status.

    * Select from existing proposals on new or extended functionality those
      that will add significant value while improving interoperability and
      security, and publish these as one or more Proposed Standards.

    Goals and Milestones:

    Done  First meeting
    Done  Submit the Kerberos Extensions document to the IESG for consideration as a Proposed Standard.
    Done  Complete first draft of Pre-auth Framework
    Done  Complete first draft of Extensions
    Done  Submit K5-GSS-V2 document to IESG for consideration as a Proposed Standard
    Done  Last Call on OCSP for PKINIT
    Done  Consensus on direction for Change/Set password
    Done  PKINIT to IESG
    Done  Enctype Negotiation to IESG
    Done  Last Call on PKINIT ECC
    Mar 2006  Review milestones
    Mar 2006  Issues identified for Anonymous
    Jun 2006  Major issues resolved on Extensions
    Aug 2006  Last Call on Extensions
    Aug 2006  Last Call on Referrals
    Sep 2006  Last Call on Change/Set password

    Internet-Drafts:

    Generating KDC Referrals to Locate Kerberos Realms (35564 bytes)
    Passwordless Initial Authentication to Kerberos by Hardware Preauthentication (13182 bytes)
    Kerberos Set/Change Key/Password Protocol Version 2 (67385 bytes)
    A Generalized Framework for Kerberos Pre-Authentication (73856 bytes)
    The Kerberos Network Authentication Service (Version 5) (223869 bytes)
    ECC Support for PKINIT (21134 bytes)
    Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP (11550 bytes)
    Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP (13998 bytes)
    Anonymity Support for Kerberos (23905 bytes)
    Additional Kerberos Naming Constraints (10416 bytes)
    PK-INIT algorithm agility (11399 bytes)

    Request For Comments:

    AES Encryption for Kerberos 5 (RFC 3962) (32844 bytes)
    Encryption and Checksum Specifications for Kerberos 5 (RFC 3961) (111865 bytes)
    The Kerberos Network Authentication Service (V5) (RFC 4120) (340314 bytes) obsoletes RFC 1510 / updated by RFC 4537
    The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (RFC 4121) (43945 bytes) updates RFC 1964
    Kerberos Cryptosystem Negotiation Extension (RFC 4537) (11166 bytes) updates RFC 4120
    Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (RFC 4557) (11593 bytes)
    Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (RFC 4556) (100339 bytes)
