Kerberos Working Group (KRB-WG) Minutes

Meeting:  IETF76, Wednesday 11 November 2009
Location: Crowne Plaza Hiroshima, Camellia room, 1300-1500
Chairs:   Jeffrey Hutzelman, Larry Zhu
Acting:   Shawn Emery
Scribe:   Jim Schaad

============================================================
AGENDA:

Preliminaries - Chairs
  - Introduction
  - Blue Sheets
  - Scribe, Jabber
  - Remote Participation
  - Agenda Bashing

Document Status - Chairs
  STARTTLS        draft-josefsson-kerberos5-starttls-07.txt
  Preauth         draft-ietf-krb-wg-preauth-framework-15.txt

Last Call - Chairs
  The following documents are currently in last call or have recently
  had a last call conclude.  This time is set aside for discussion of
  new or existing issues with these documents.
  Data Model      draft-ietf-krb-wg-kdc-model-06.txt
  Cross Realm PS  draft-ietf-krb-wg-cross-problem-statement-05.txt

Technical Discussion
  FAST Negotiation - Sam Hartman

Open Mic (whatever is left)

============================================================
SESSION REPORT:

* Reviewed recent changes in document status:

  - The preauth framework document is done and ready to go to the IESG.
    Before it can be sent, we need confirmation that the padata registry
    is correct (tlyu) and that the ASN.1 module compiles (jimsch).  The
    chairs asked whether anyone was planning on implementing or had
    already done so, and got multiple positive responses.

    [[ This document is now in IETF Last Call until 2010-01-07 --jhutz ]]

  - STARTTLS is mostly ready to go to the IESG.  The EKU/SAN issue is not
    fully resolved, but we've agreed to send the document as-is, with the
    issue called out in the PROTO writeup.  Sam and/or Nico may re-raise
    the issue in IETF last call, where hopefully it will get some input
    from the PKIX community.

    [[ This document is now in IETF Last Call until 2009-12-24 --jhutz ]]

  - Sam Hartman asked about the status of anonymous, particularly with
    respect to Love's proposal for a simpler way to ensure that, in an
    anonymous PKINIT transaction, both the client and KDC have
    contributed to the TGS session key.  After some discussion, Love
    Hörnquist-Åstrand and Sam agreed to examine this in more detail and
    come to the mailing list with a proposal on how to proceed.

  - Sam also asked about the status of the DHCPv6 option draft.  The
    author of that document, Shoichi Sakane, indicated he hasn't had time
    to work on it recently due to dealing with comments on the
    cross-realm problem statement draft, but will get to it shortly after
    IETF.

* Discussed two documents in last call:

  - The cross-realm problem statement document received comments during
    IETF last call which resulted in substantial revisions.  A new WGLC
    has been started and will run until the end of November.  Shoichi
    Sakane indicated he has some minor edits to -05 which he will post to
    the list during the last call.  All participants are encouraged to
    review and comment on the new version before the last call ends.

    [[ The last call ended 2009-11-30 with no additional comments.
       However, additional changes may be needed to address two DISCUSS
       comments which were not addressed in -05. ]]

  - The KDC data model document has recently concluded its third WGLC,
    and several comments were raised.  Discussion is still ongoing on
    several of these; a new document version is expected shortly after
    discussion dies down.

    XXX need more details on the in-meeting discussion

* Sam Hartman described a proposal for an extension to provide for
  protected negotiation of FAST by adding a typed hole for protected
  data in the AS-REP.  This technique was first used by Microsoft in
  Windows 2000 and seems to work.

  There were several questions from Nicolas Williams and Leif Johansson
  related to how, and for how long, clients should cache the results of
  the proposed negotiation.  The acting chair asked for a hum on this
  proposal; there were a number of voices in the room and commenters on
  Jabber supporting the proposal, and no opposition.