IETF Logo Mail Archive

[kitten] Authentication Indicator in Kerberos tickets

Nathaniel McCallum <npmccallum@redhat.com> Thu, 28 August 2014 16:37 UTC

Return-Path: <npmccallum@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F14B1A87A8 for <kitten@ietfa.amsl.com>; Thu, 28 Aug 2014 09:37:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.867
X-Spam-Level:
X-Spam-Status: No, score=-4.867 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PkLFpcJC7qMJ for <kitten@ietfa.amsl.com>; Thu, 28 Aug 2014 09:37:08 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 105C21A8779 for <kitten@ietf.org>; Thu, 28 Aug 2014 09:37:05 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s7SGb52D015051 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <kitten@ietf.org>; Thu, 28 Aug 2014 12:37:05 -0400
Received: from vpn-63-189.rdu2.redhat.com (vpn-63-189.rdu2.redhat.com [10.10.63.189]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s7SGawbn030357 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NO) for <kitten@ietf.org>; Thu, 28 Aug 2014 12:37:04 -0400
Message-ID: <1409243818.9966.3.camel@redhat.com>
From: Nathaniel McCallum <npmccallum@redhat.com>
To: kitten@ietf.org
Date: Thu, 28 Aug 2014 12:36:58 -0400
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/MkTGhEiEUnH02eoYAY7oCIl-bEQ
Subject: [kitten] Authentication Indicator in Kerberos tickets
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2014 16:37:10 -0000

I have submitted a new draft for Kerberos Authentication Indicators and
I'd like to start a discussion about moving the draft through the
process. I'm a newbie here, so any help would be greatly appreciated.

The purpose of Authentication Indicators is to be able to assert some
positive attributes about the authentication event itself in the ticket.
This should also be usable in the case of S4U2Proxy.

The draft can be found here:
http://www.ietf.org/id/draft-jain-kitten-krb-auth-indicator-01.txt

For some background information, see the MIT krb5 project page:
http://k5wiki.kerberos.org/wiki/Projects/Authentication_indicator

Thanks!

Nathaniel McCallum

v2.23.0 | Report a Bug | By Email