idnits 2.17.1 draft-ietf-kitten-krb5-gssapi-domain-based-names-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 14. -- Found old boilerplate from RFC 3978, Section 5.5 on line 167. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 144. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 151. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 157. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 19, 2005) is 6762 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'RFC2119' on line 110 looks like a reference -- Missing reference section? 'DOMAIN-BASED-NAMES' on line 106 looks like a reference -- Missing reference section? 'RFC2743' on line 113 looks like a reference -- Missing reference section? 'RFC4121' on line 120 looks like a reference -- Missing reference section? 'RFC4120' on line 116 looks like a reference Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 NETWORK WORKING GROUP N. Williams 2 Internet-Draft Sun 3 Expires: April 22, 2006 October 19, 2005 5 GSS-API Domain-Based Service Names Mapping for the Kerberos V GSS 6 Mechanism 7 draft-ietf-kitten-krb5-gssapi-domain-based-names-01.txt 9 Status of this Memo 11 By submitting this Internet-Draft, each author represents that any 12 applicable patent or other IPR claims of which he or she is aware 13 have been or will be disclosed, and any of which he or she becomes 14 aware will be disclosed, in accordance with Section 6 of BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 This Internet-Draft will expire on April 22, 2006. 34 Copyright Notice 36 Copyright (C) The Internet Society (2005). 38 Abstract 40 This document describes the mapping of GSS-API domainname-based 41 service principal names onto Kerberos V principal names. 43 Table of Contents 45 1. Conventions used in this document . . . . . . . . . . . . . . . 3 46 2. Domain-Based Names for the Kerberos V GSS-API Mechanism . . . . 4 47 3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 48 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 49 5. Normative . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 50 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 7 51 Intellectual Property and Copyright Statements . . . . . . . . 8 53 1. Conventions used in this document 55 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 56 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 57 document are to be interpreted as described in [RFC2119]. 59 2. Domain-Based Names for the Kerberos V GSS-API Mechanism 61 In accordance with [DOMAIN-BASED-NAMES] this document provides the 62 mechanism-specific details needed to implement GSS-API [RFC2743] 63 domain-based service names with the Kerberos V GSS-API mechanism 64 [RFC4121]. 66 GSS_C_NT_DOMAINBASED_SERVICE name are mapped to Kerberos V principal 67 names as follows: 69 o the name becomes the first (0th) component of the 70 Kerberos V principal name; 72 o the becomes the second component of the Kerberos V 73 principal name; 75 o the name becomes the third component of the Kerberos V 76 principal name; 78 o the realm of the resulting principal name is that which 79 corresponds to the domain name, treated as a hostname. 81 The same name canonicalization considerations and methods as used 82 elsewhere in the Kerberos V GSS-API mechanism [RFC4121] and Kerberos 83 V [RFC4120] in general apply here. 85 Implementations SHOULD use a Kerberos V name-type of NT-SRV-HST- 86 DOMAIN (integral value TBD) but MAY use NT-UNKNOWN instead. 88 3. Examples 90 o The domain based name, of generic form, 91 "ldap@Example.TLD@ds1.Example.TLD" may map to a Kerberos V 92 principal name like: "ldap/ds1.example.tld/ 93 example.tld@EXAMPLE.TLD" 95 o The domain based name, of generic form, 96 "kadmin@Example.TLD@kdc1.Example.TLD" may map to a Kerberos V 97 principal name like: "kadmin/kdc1.example.tld/ 98 example.tld@EXAMPLE.TLD" 100 4. Security Considerations 102 See [DOMAIN-BASED-NAMES]. 104 5. Normative 106 [DOMAIN-BASED-NAMES] 107 Williams, N., "GSS-API Domain-Based Service Names and Name 108 Type". 110 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 111 Requirement Levels", BCP 14, RFC 2119, March 1997. 113 [RFC2743] Linn, J., "Generic Security Service Application Program 114 Interface Version 2, Update 1", RFC 2743, January 2000. 116 [RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The 117 Kerberos Network Authentication Service (V5)", RFC 4120, 118 July 2005. 120 [RFC4121] Zhu, L., Jaganathan, K., and S. Hartman, "The Kerberos 121 Version 5 Generic Security Service Application Program 122 Interface (GSS-API) Mechanism: Version 2", RFC 4121, 123 July 2005. 125 Author's Address 127 Nicolas Williams 128 Sun Microsystems 129 5300 Riata Trace Ct 130 Austin, TX 78727 131 US 133 Email: Nicolas.Williams@sun.com 135 Intellectual Property Statement 137 The IETF takes no position regarding the validity or scope of any 138 Intellectual Property Rights or other rights that might be claimed to 139 pertain to the implementation or use of the technology described in 140 this document or the extent to which any license under such rights 141 might or might not be available; nor does it represent that it has 142 made any independent effort to identify any such rights. Information 143 on the procedures with respect to rights in RFC documents can be 144 found in BCP 78 and BCP 79. 146 Copies of IPR disclosures made to the IETF Secretariat and any 147 assurances of licenses to be made available, or the result of an 148 attempt made to obtain a general license or permission for the use of 149 such proprietary rights by implementers or users of this 150 specification can be obtained from the IETF on-line IPR repository at 151 http://www.ietf.org/ipr. 153 The IETF invites any interested party to bring to its attention any 154 copyrights, patents or patent applications, or other proprietary 155 rights that may cover technology that may be required to implement 156 this standard. Please address the information to the IETF at 157 ietf-ipr@ietf.org. 159 Disclaimer of Validity 161 This document and the information contained herein are provided on an 162 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 163 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 164 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 165 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 166 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 167 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 169 Copyright Statement 171 Copyright (C) The Internet Society (2005). This document is subject 172 to the rights, licenses and restrictions contained in BCP 78, and 173 except as set forth therein, the authors retain all their rights. 175 Acknowledgment 177 Funding for the RFC Editor function is currently provided by the 178 Internet Society.