idnits 2.17.1

draft-ietf-kitten-krb5-gssapi-prf-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 13.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 141.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 118.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 125.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 131.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     147), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 35.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document.
     That text should be removed or replaced:

       By submitting this Internet-Draft, I certify that any applicable
       patent or other IPR claims of which I am aware have been disclosed,
       or will be disclosed, and any of which I become aware will be
       disclosed, in accordance with RFC 3668.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 6 pages


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 2004) is 7225 days in the past. Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Missing reference section? 'RFC2119' on line 90 looks like a reference

  -- Missing reference section? 'GSS-PRF' on line 88 looks like a reference

  -- Missing reference section? 'RFC2743' on line 93 looks like a reference

  -- Missing reference section?
     'RFC2744' on line 96 looks like a reference


     Summary: 7 errors (**), 0 flaws (~~), 4 warnings (==), 11 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    NETWORK WORKING GROUP                                        N. Williams
2    Internet-Draft                                                       Sun
3    Expires: December 30, 2004                                     July 2004

5                 A PRF for the Kerberos V GSS-API Mechanism
6                  draft-ietf-kitten-krb5-gssapi-prf-00.txt

8    Status of this Memo

10      By submitting this Internet-Draft, I certify that any applicable
11      patent or other IPR claims of which I am aware have been disclosed,
12      and any of which I become aware will be disclosed, in accordance with
13      RFC 3668.

15      Internet-Drafts are working documents of the Internet Engineering
16      Task Force (IETF), its areas, and its working groups. Note that
17      other groups may also distribute working documents as
18      Internet-Drafts.

20      Internet-Drafts are draft documents valid for a maximum of six months
21      and may be updated, replaced, or obsoleted by other documents at any
22      time. It is inappropriate to use Internet-Drafts as reference
23      material or to cite them other than as "work in progress."

25      The list of current Internet-Drafts can be accessed at
26      http://www.ietf.org/ietf/1id-abstracts.txt.

28      The list of Internet-Draft Shadow Directories can be accessed at
29      http://www.ietf.org/shadow.html.

31      This Internet-Draft will expire on December 30, 2004.

33   Copyright Notice

35      Copyright (C) The Internet Society (2004). All Rights Reserved.

37   Abstract

39      This document defines the Pseudo-Random Function (PRF) for the
40      Kerberos V GSS-API mechanism, based on the PRF defined for the
41      Kerberos V cryptographic framework, for keying application protocols
42      given an established Kerberos V GSS-API security context.

44   Table of Contents

46      1.  Conventions used in this document
47      2.  Introduction
48      3.  Security Considerations
49      4.  Normative
50          Author's Address
51          Intellectual Property and Copyright Statements

53   1.  Conventions used in this document

55      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
56      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
57      document are to be interpreted as described in [RFC2119].

59   2.  Introduction

61      The GSS-API PRF [GSS-PRF] function for the Kerberos V mechanism shall
62      be the output of a PRF+ function based on the enctype's PRF function
63      keyed with the negotiated session key of the security context (e.g.,
64      the acceptor's subkey) and key usage X (TBD).

66      The PRF+ function is a simple counter-based extension of the
67      enctype's prf using a 16-bit network byte order unsigned binary
68      counter: PRF+(k, input) = random-to-key( k-truncate( prf(k, 0 ||
69      input) || prf(k, 1 || input), .. prf(k, n || input))). The maximum
70      output length for this PRF+ then is 65536 times the output length of
71      the Kerberos V cryptographic framework PRF for the enctype of the
72      input key.

74      If the desired_output_len input parameter exceeds the maximum output
75      of this function then the maximum will be output instead.

77   3.  Security Considerations

79      Kerberos V enctypes' PRF functions use a key derived from contexts'
80      session keys and should preserve the forward security properties of
81      the mechanisms' key exchanges.

83      See also [GSS-PRF] for generic security considerations of
84      GSS_Pseudo_random().

86   4.  Normative

88      [GSS-PRF]  Williams, N., "A PRF API extension for the GSS-API".

90      [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
91                 Requirement Levels", BCP 14, RFC 2119, March 1997.

93      [RFC2743]  Linn, J., "Generic Security Service Application Program
94                 Interface Version 2, Update 1", RFC 2743, January 2000.

96      [RFC2744]  Wray, J., "Generic Security Service API Version 2 :
97                 C-bindings", RFC 2744, January 2000.

99   Author's Address

101     Nicolas Williams
102     Sun Microsystems
103     5300 Riata Trace Ct
104     Austin, TX 78727
105     US

107     EMail: Nicolas.Williams@sun.com

109  Intellectual Property Statement

111     The IETF takes no position regarding the validity or scope of any
112     Intellectual Property Rights or other rights that might be claimed to
113     pertain to the implementation or use of the technology described in
114     this document or the extent to which any license under such rights
115     might or might not be available; nor does it represent that it has
116     made any independent effort to identify any such rights. Information
117     on the procedures with respect to rights in RFC documents can be
118     found in BCP 78 and BCP 79.

120     Copies of IPR disclosures made to the IETF Secretariat and any
121     assurances of licenses to be made available, or the result of an
122     attempt made to obtain a general license or permission for the use of
123     such proprietary rights by implementers or users of this
124     specification can be obtained from the IETF on-line IPR repository at
125     http://www.ietf.org/ipr.

127     The IETF invites any interested party to bring to its attention any
128     copyrights, patents or patent applications, or other proprietary
129     rights that may cover technology that may be required to implement
130     this standard. Please address the information to the IETF at
131     ietf-ipr@ietf.org.

133  Disclaimer of Validity

135     This document and the information contained herein are provided on an
136     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
137     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
138     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
139     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
140     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
141     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

143  Copyright Statement

145     Copyright (C) The Internet Society (2004). This document is subject
146     to the rights, licenses and restrictions contained in BCP 78, and
147     except as set forth therein, the authors retain all their rights.

149  Acknowledgment

151     Funding for the RFC Editor function is currently provided by the
152     Internet Society.
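
The PRF+ counter construction and output clamp of Section 2 (draft lines 66-75), as an added Python example that is not part of the draft or of any Kerberos implementation. Assumptions: HMAC-SHA-256 stands in for the enctype's prf, random-to-key defaults to the identity, key usage X is not modelled, the ", .." in the formula is read as concatenation of the blocks for counters 0 through n, and the names prf_plus, stand_in_prf, max_output_len and derive_exact are hypothetical.

```python
import hashlib
import hmac
import struct

MAX_BLOCKS = 1 << 16  # a 16-bit counter takes the values 0..65535


def stand_in_prf(key: bytes, data: bytes) -> bytes:
    """Assumption: HMAC-SHA-256 stands in for the enctype's prf()."""
    return hmac.new(key, data, hashlib.sha256).digest()


def max_output_len(prf=stand_in_prf) -> int:
    """65536 times the output length of the underlying prf."""
    return MAX_BLOCKS * len(prf(b"", b""))


def prf_plus(key, prf_input, desired_output_len, prf=stand_in_prf,
             random_to_key=lambda octets: octets):
    """prf(k, 0 || input) || prf(k, 1 || input) || ..., then k-truncate.

    random_to_key defaults to the identity (assumption); the real one is
    defined per enctype by the Kerberos V cryptographic framework.
    """
    if desired_output_len < 0:
        raise ValueError("desired_output_len must be non-negative")
    out = bytearray()
    for counter in range(MAX_BLOCKS):
        if len(out) >= desired_output_len:
            break
        # 16-bit unsigned counter, network byte order, prepended to input
        out += prf(key, struct.pack(">H", counter) + prf_input)
    # Running out of counter values leaves the maximum output, which is
    # returned as-is: an oversized request is clamped, not rejected.
    return random_to_key(bytes(out[:desired_output_len]))


def derive_exact(key, prf_input, length, **kwargs):
    """Caller-side check: the clamp is silent, so compare lengths."""
    out = prf_plus(key, prf_input, length, **kwargs)
    if len(out) != length:
        raise ValueError(f"PRF+ gave {len(out)} octets, wanted {length}")
    return out


if __name__ == "__main__":
    session_key = bytes(range(16))  # constructed sample key
    print(derive_exact(session_key, b"app-label", 48).hex())
```

Because an oversized desired_output_len yields the maximum rather than an error, a caller that needs an exact amount of keying material has to compare the returned length itself, as derive_exact does.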