2.6.6 Kerberos WG (krb-wg)

NOTE: This charter is a snapshot of the 51st IETF Meeting in London, England. It may now be out-of-date. Last Modified: 31-Jul-01


Douglas Engert <deengert@anl.gov>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortelnetworks.com>

Security Area Advisor:

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion: ietf-krb-wg@anl.gov
To Subscribe: majordomo@anl.gov
In Body: subscribe ietf-krb-wg your_email_address
Archive: ftp://ftp.ietf.org/ietf-mail-archive/krb-wg/

Description of Working Group:

Kerberos over the years has been ported to virtually every operating system. There are at least two open source versions, with numerous commercial versions based on these and other proprietary implementations. Kerberos evolution has continued over the years, and interoperability has been problematic. A number of draft proposals have been issued concerning aspects of new or extended functionality.

The group will strive to improve the interoperability of these systems while improving security.

Specifically, the Working Group will:

* Clarify and amplify the Kerberos specification (RFC 1510) to make sure interoperability problems encountered in the past that occurred because of unclear specifications do not happen again. The output of this process should be suitable for Draft Standard status.

* Select from existing proposals on new or extended functionality those that will add significant value while improving interoperability and security, and publish these as one or more Proposed Standards.

Goals and Milestones:

Dec 00    First meeting

Dec 00    Submit the Kerberos Extensions document to the IESG for consideration as a Proposed Standard.

Jan 01    Charter Review, update of milestones and refinement of goals.

Mar 01    Submit the PKINIT document to the IESG for consideration as a Proposed Standard.

(date not given)    Charter Review, update of milestones and refinement of goals.

No Request For Comments

Current Meeting Report

KRB-WG Meeting Minutes

The fourth meeting of the Kerberos WG was held 8/8/2001 in London, with about 45 attendees. Since the last meeting we have had two WG last calls, on the Password change protocol and IAKERB. The Password change draft has been sent to the IESG.

The IAKERB draft will be sent to the IESG shortly.

The bulk of the meeting was concerned with the Kerberos Revisions.

Cliff Neuman described a number of changes, most of which were suggested at the last meeting. Compatibility with existing implementations and reuse of code were considered highly desirable. He also presented a list of ways the client, server and KDC could determine whether it was OK to use the new format.

Ken Raeburn talked on Section 6, the encryption framework. There was consensus that the list of encryption types not required for compliance, for example des-cbc-crc, will be moved to an appendix. The list of required types will remain in Section 9 but needs updating. All agreed that if AES is available it should be required, but if AES is not available then either 3DES or RC4 needs to be required; there are two camps on which of the two should be required.

Tom Yu talked on Section 5, messages. A new approach for compatibility is now being finalized: new-format messages use new Application Tags and are otherwise the same as old-format messages except for additional or optional fields, thus allowing the same parser to parse both old- and new-format messages. This was not in the current draft.

Sam Hartman talked on some of the other new features which will be included. These include ticket extensions, and a way of using a new address type to avoid the problems with addresses introduced by NAT and VPNs.

Jeff Hutzelman discussed authenticated error messages, and there was consensus that where possible error messages should be authenticated, as long as this does not help expose the user's key, as described below in the AS_REP concerns.

The main unresolved issue is the (mis)use of GeneralString and UTF8. All agreed that this has to be addressed at some point. Harald Alvestrand (chair@ietf.org) gave us the IESG's view on internationalization. (The next day we also met with Patrik Faltstrom (paf@cisco.com), Applications Area Director, who went into greater detail on the problems of dealing with internationalization. He is willing to work with us on this. It also looks like we have a migration path, allowing us to state in the revisions that the use of GeneralString really only applies to ASCII, and that we are working on a solution. Jeff Hutzelman promised to write up the minutes of this meeting.)

So it might be possible to handle this as a separate draft, and to proceed with the revisions with a warning about the misuse of GeneralString for other than ASCII.

So it looks like the Revisions are finally starting to fall into place. There was also consensus that for older sections of RFC 1510, such as DES, we could reference RFC 1510 rather than rewriting them in the new revisions.

John Brezak presented some concerns with the security of the AP_REP. An attack might be possible if enough separate responses could be collected. Possible solutions include SSL, SRP, EKE, or PDM.

John Brezak then described the revised referral informational draft. There are still issues with cache efficiency, GSSAPI canonicalization (John will try to talk to Martin Rex), and the use of the KRB_ERR.

Ken Raeburn described the AES draft, and there was consensus that the 192-bit key size could be dropped while keeping 128 and 256. There are still issues with the string-to-key functions.

Brian Tung has a new version of the PKINIT draft which addresses some concerns.

Matt Crawford described a new draft which allows a user to use an unmodified telnet client along with a hardware token, so that a modified telnetd can obtain a ticket for the user without exposing the Kerberos password.


Kerberos Revisions
Protection of AS-REQ
Kerberos Referrals
UTF8 Implementation