Kerberos WG (krbwg)

NOTE: This charter is a snapshot of the 60th IETF Meeting in San Diego, California USA. It may now be out-of-date.

Last Modified: 2004-06-15

Douglas Engert <>
Jeffrey Hutzelman <>
Security Area Director(s):
Russell Housley <>
Steven Bellovin <>
Security Area Advisor:
Russell Housley <>
Mailing Lists:
General Discussion:
To Subscribe:
In Body: subscribe ietf-krb-wg your_email_address
Description of Working Group:

Goals and Milestones:
Done  First meeting
Done  Submit the Kerberos Extensions document to the IESG for consideration as a Proposed standard.
Dec 03  Complete first draft of Pre-auth Framework
Jan 04  Complete first draft of Extensions
Done  Submit K5-GSS-V2 document to IESG for consideration as a Proposed Standard
Mar 04  Submit the PKINIT document to the IESG for consideration as a Proposed Standard.
Apr 04  Submit Extensions document to IESG for consideration as a Proposed Standard
Apr 04  Submit Change/Set Password document to IESG for consideration as a Proposed Standard
May 04  Submit Pre-auth Framework document to IESG for consideration as a Proposed Standard
Oct 04  Submit PKCROSS to IESG for consideration as a Proposed Standard
Nov 04  Charter Review, update of milestones and refinement of goals.
  • - draft-ietf-cat-kerberos-pk-init-20.txt
  • - draft-raeburn-krb-rijndael-krb-07.txt
  • - draft-ietf-krb-wg-kerberos-referrals-04.txt
  • - draft-ietf-krb-wg-crypto-07.txt
  • - draft-ietf-krb-wg-kerberos-clarifications-06.txt
  • - draft-ietf-krb-wg-kerberos-sam-03.txt
  • - draft-ietf-krb-wg-kerberos-set-passwd-02.txt
  • - draft-ietf-krb-wg-gssapi-cfx-07.txt
  • - draft-ietf-krb-wg-preauth-framework-01.txt
  • No Request For Comments

    Current Meeting Report

    ** IETF 60 - San Diego, CA
    ** Kerberos Working Group
    ** Wed, Aug 4, 2004 - 13:00-15;00

    Chairs: Doug Engert, Jeffrey Hutzelman
    Scribe: Ken Hornstein

    * Agenda:
    + Introduction - Chairs (5 min)
    + Document Status - Chairs (5 min)
    + WG Priorities - Chairs (10 min)
    + PKINIT - Brian Tung
    + Preauthentication Framework - Sam Hartman (10 min)
    + LDAP Information Model - Lief Johansson (10 min)
    + Change Password Protocol - Nico Williams (10 min)
    + Referrals - Larry Zhu (10 min)
    + Self-Imposed Limitations - Doug Engert (5 min)
    + kerberos-extensions - Tom Yu (30 min)

    * Document Status
    The chairs reviewed the status of several documents moving through
    the IETF process, and solicited comments on a couple of issues...

    + Crypto Framework

    - The crypto framework was approved by the IESG and is now in the RFC-Editor queue. There is a desire to fix a problem in the pseudo-random function defined by the simplified profile.
    - Sam Hartman (co-author) described the PRF problem and the proposed solution in some detail. It is a one-line document change, and the function in question is not used by the core kerberos protocol or anything that has yet been deployed.
    - The chair noted that the AD had previously indicated he would allow such a change during editing, provided there was a documented concensus of the WG.
    - The chairs asked for the concensus of the room; there was significant support and no opposition. The issue will be brought up on the mailing list for confirmation. [This has been done; there was support but no objection. -jhutz]

    - This document was approved by the IESG and is now in the RFC-Editor queue.
    - Steve Bellovin (security AD) said he was still unsure about Sam Hartman's assertion that no new IANA registries are needed, and this issue is still outstanding.

    + AES
    - This document is still in the IESG queue
    - Ken Raeburn (editor) indicated there were comments received during the last-call process, that some of the recommendations (e.g. relating to key-salting) were vague.
    - Russ Housley (AD) indicated the AD's havn't decided yet.
    [Since the meeting, the IESG approved this for Proposed -jhutz]

    + Kerberos Clarifications
    - This document is still undergoing revision to resolve issues raised by the IESG. One more revision to go, we hope.
    - An issue was described that was raised by Steve Bellovin during IESG review related to prohibiting the use of link-local addresses in tickets and a few other places. This issue was discussed between the chairs, the SEC and INT AD's, and some of the document authors, and we believe it is resolved.
    - Cliff Neuman (author) will put in the relevant changes.
    - A second issue was rasied on the list by Nico Williams and Wyllys Ingersoll, who would like to see AES-128 added as a RECOMMENDED enctype. In the absence of any objections on the list, this will happen in the next rev. [No objections have been seen on the list -jhutz]

    * WG Priorities and Milestones [see slides]
    - First draft of preauth by Jan 2005
    - First draft of extensions by Nov 2004 (IETF61)
    - Submit extensions to IESG by April 2005
    - It was suggested that the milestone for PKCROSS be dropped; Russ Housley (AD) indicated that if it's on the charter, it must have a milestone.
    - Someone looked for the online charter page, but it was not available. Discussion deferred to the list. [The charter is available now, and while the scope does include "proposals on new and extended functionality...", it does not specifically name any particular such proposals. However, I personally would like to see work happen on PKCROSS or some equivalent functionality -jhutz]
    - Setting of milestones for PKINIT and Set/Change PW was deferred.

    * PKINIT
    + Brian Tung (editor) gave a brief overview of open issues [see slides]

    + OCSP Tunnelling
    - Brian Tung indicated he thought there was agreement on what the text should look like, based on proposals from Larry Zhu and Nico Williams
    - Larry indicated he had the I-D ready to submit.
    - Sense of the room was to proceed with Larry's document as a separate draft.
    - Chairs indicated Larry should submit the draft as a WG document.

    + DH Key Derivation
    - Sam Hartman described the goal here, which is to allow parties to cache DH keys and use them again in static-static mode. The main issue is how to do key derivation and use nonces.
    - The new proposal involves adding longer, DH-specific nonces in both directions. Then take a bunch of stuff and feed it into PRF to derive a key.
    - This requires a wire format change, and Sam wanted to defer discussion until we see if we have other wire format changes.
    - After some discussion, the sense of the room was that this change should be made. This will be validated on the list.
    - The question of wire format changes will be deferred to the list.
    - The question of MAY vs SHOULD will be deferred to the list.

    [ These topics are related, and the discussion was intertwined ]
    - Russ explained an encoding issue relating to certificates and X.500 directories. In this scenario, when a CA makes a cert, it encodes in DER. But when the cert is placed in an X.500 directory, the X.500 DAP includes the object directly rather than octet-string wrapped, so it gets encoded in BER. So, when a client receives a cert via DAP, it needs to decode the cert and reencode it as DER in order to validate the signature.
    - Jeff Hutzelman expressed a desire to specify a single encoding, preferably DER [I don't remember this, but it's in the jabber log -jhutz]
    - Sam Hartman objected to requiring DER, just for the benefit of a single vendor who doesn't support indefinite-length encodings.
    - Tom Yu reports that going from a hand-coded DER decoder to one that handles full BER is hard.
    - Jeff Hutzelman, attempting to channel CableLabs, stated that they believe permitting BER is a significant change, and they will probably choose to be non-compliant. [I now better understand their position; they _really_ want to be able to interop with off-the-shelf KDC's, but doing BER in embedded clients is too much of a hurdle -jhutz]
    - Sam Hartman pointed out that while people are acting under the assumption that specifying DER makes a vendor's life easier, it is also the case that specifying BER makes other vendors' lives easier. He says if we're going to choose whose life to make easier, it should be the vendor deploying product on the open internet, rather than in a closed environment.
    - Love Hörnquist-Åstrand comments (via Jabber) that it's a CMS type, and CMS specifies BER, so the question is only whether to wrap it as an octet-string.

    - Jeff Hutzelman, again attempting to channel CableLabs, says wrapping CMS objects in OCTET-STRING won't be hard for implementors to deal with, but will be a wire change, and all wire changes are cause for concern for them.
    - Wrapping doesn't solve the DER vs BER issue, but it does help some vendors by letting them use off-the-shelf libraries.
    - Tom Yu indicated that wraooing in IMPLICIT OCTET-STRING results in a single-bit change on the wire.
    - The sense of the room was to specifiy that CMS objects in PKINIT be wrapped in IMPLICIT OCTET-STRING.
    - There was agreement to specify that PKINIT messages themselves (not embedded CMS objects) MUST be DER-encoded.
    - There was much argument over trying to come up with wording for a question the chair was trying to ask about BER vs DER. Once the argument settled down and the question was asked, it was clear that there was not clear agreement on this issue.

    + Unauthenticated Plaintext
    - Sam Hartman said he was unsure whether there were security issues with unsigned parts of the protocol.

    + Nonces

    + DH Groups
    - The chair asked whether the IESG would approve a document which recommended only Oakley groups 1 and 2.
    - Russ Housley (AD) responded "maybe"
    - Based on recent experience in SSH, Jeff Hutzelman suggested it would probably not be approved.
    - Russ indicated we would have to have at least one MUST, and that it does not have to be group 14.
    - There was a _lot_ of chatter on Jabber about how negotation of groups actually does/will work.
    - Doc Evans reported (via Jabber) that the PacketCable spec currently REQUIRES group 2 and RECCOMMENDS group 1.
    - The outcome of discussion in the room and on Jabber seems to favor making group 2 REQUIRED and group 14 RECOMMENDED.

    + Root CA in Cert Chain
    - Russ Housley (AD) indicated that the root CA cert must _not_ be included in the certificate chain; otherwise he will send the document back.

    * Pre-Authentication Framework
    - Sam Hartman (author) gave an update on the status of the preauth framework document, including some open issues.
    - Sam indicated he would need help with preparing ASCII art in the document.
    - Brian Tung offered to provide help with the document.
    - Love Hörnquist-Åstrand offered to review the document.

    * Kerberos Information Model

    - Leif Johansson talked about the ongoing side-work on developing an information model for Kerberos. [see slides]
    - The initial work is nearly complete, and ready for WG review.
    - Sam Hartman indicated he'd presented some of this work to a vendor, who seemed interested and had some feedback.
    - Leif indicated that comments from previous IETF's [Vienna? -jhutz] were folded into the latest draft.
    - Nico Williams indicated he would review the document.
    - Sam Hartman proposed making this a WG document
    - Lacking the charter text, the chair was unable to say for certain, but believes this work falls within the charter [since then, I've read the charter, and I still believe it -jhutz].
    - The sense of the room favored making this a WG work item.
    - Russ Housley (AD) admonished us to finish PKINIT first.
    - Lief indicated he would accept any comments.

    * Set/Change Password
    - Nico Williams (author) gave an update on the set/change password document [see slides]
    - Larry Zhu would like to be able to negotiate support for error codes, so new codes can be added without IETF intervention.
    - Nico indicaed this should go to the list
    - Nico described some issues relating to internationalization, particularly with regard to making things work when a KDC which implements this protocol wants to provide support for legacy just-send-8 Kerberos clients. To that end, he proposed adding a mechanism for clients to provide hints as to what encoding they are using.
    - The sense of the room was in support of adding encoding hints.

    * Self-Imposed Limitations of Kerberos
    - Doug Engert (co-chair) gave a presentation on some of the problems that face Kerberos as it becomes widely deployed.
    - See the slides and Jabber discussion for more detail.

    * KDC Referrals
    - Larry Zhu (author/editor) gave some updates on the referrals document [see slides]
    - Larry indicated maybe next step was last call, and wanted WG input on this.
    - The chairs indicated that the decision to go to WG last call would be made by them, based on whether the document appeared ready; that in turn would depend heavily on the author's sense of how ready the document is.
    - Sam Hartman indicated he did not think the document was ready yet for WG last call.

    * Kerberos Extensions
    - Due to lack of time, Tom Yu was unable to give his presentation on the status of kerberos-extensions. However, slides are available in the meeting proceedings.

    * Meeting closed


    KRB-WG Goals and Milestone
    krb information model
    Kerberos V set-password v2
    KDC Referrals
    Self Imposed Limitations of Kerberos
    Update on Kerberos Extensibility