The kerberos-wg met Wednesday, 11/11/09, during the first afternoon session. Co-chairs: Larry Zhu and Jeffrey Hutzelman (acting, Shawn Emery). The goals of the meeting were to discuss the FAST negotiation issue and resolve encryption type semantics in the KDC data model.
Sam Hartman presented issues with FAST negotiation. A way is needed to determine whether the KDC supports FAST, along with a way to negotiate the armor ticket securely. The solution entails supplying an integrity check in the AS-REP on the server side, a new PA-type provided by the client, and a new negotiation to thwart a downgrade attack. WG members agreed to the solution presented.
The encryption type attribute in the data model needs better semantics. Suggestions include separating attribute and policy. Some members would like to include positive/negative support for these.
Document Status
----------------------
draft-ietf-krb-wg-preauth-framework
1 asn.1 issue (uint32 undefined)
Tom Yu will verify type registry is accurate before sending off for IANA review
no implementors
draft-josefsson-kerberos5-starttls
WGLC finished
draft-ietf-krb-wg-cross-problem-statement
IETF Last Call/IESG Review

Shawn.