Kerberos WG (krb-wg)
TUESDAY, November 19 at 1415-1515 and 1545-1645
===============================================
CHAIR: Doug Engert <deengert@anl.gov>
AGENDA:
Introduction
Doug Engert - 5 min
Agenda bashing, appointing a scribe
"The Kerberos Network Authentication Service (V5)"
hhttp://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-02.txt
Cliff Neuman - 20 min
Status: The Clarifications are in WG last call with the last call to end the
day of the WG. (If you read nothing else, please read this document!)
"Encryption and Checksum Specifications for Kerberos 5"
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-crypto-02.txt
Ken Raeburn - 10 min
Status: Should be ready for last call after meeting.
"AES Encryption for Kerberos 5"
http://www.ietf.org/internet-drafts/draft-raeburn-krb-rijndael-krb-02.txt
Ken Raeburn - 10 min
Status: Just submitted, Should be ready for last call after meeting.
"Public Key Cryptography for Initial Authentication in Kerberos"
http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-16.txt
Matt Hur - 5 min
Status: May need some changes based on recent comments on WG list,
It could be ready for another WG last call.
"Initial and Pass Through Authentication Using Kerberos V5 and GSS-API (IAKERB)"
http://www.ietf.org/internet-drafts/draft-ietf-cat-iakerb-08.txt
Glen Zorn - 5 min
Status: Passed WG last call, and sent to IESG. Has stalled,
Martin Rex expressed complaints to IESG. Jeff Shiller has said he would
look at it. WG might want to recommend it be Experimental, as no one
is implementing it as far as we know.
"Kerberos Set/Change Password: Version 2
Sam Hartman - 5 min
http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-set-passwd-06.txt
Status: Passed WG last call last year, but has stalled.
Based on comments by Sam Hartman, we may want to make additional changes.
Should also be reviewed in light of Clarifications.
<Break>
"Extensions"
See http://www.kerberos.us -> Clarifications. Coments on Extensions are at the end.
Cliff Neuman and Sam Hartman - 30 min
Status: Waiting for Clarifications before proceeding.
"Krb5 EAP method"
http: none
Derek Atkins - 5 min
Status: EAP is the Extensible Authentication Protocol used by
PPP/RADIUS/et.al. Derek is working on a specification
for how to use EAP to carry Kerberos authentication data and requests
between a client station and "the network.
"Passwordless Initial Authentication to Kerberos by Hardware Preauthentication"
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-hw-auth-02.txt
Ken Hornstien - 5 min
Status: This is Matt Crawford's draft. Ken said he would talk about it.
"Integrating Single-use Authentication Mechanisms with Kerberos"
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-sam-01.txt
Ken Hornstien - 5 min
Status: New document.
"Kerberos KDC LDAP Schema"
http://www.ietf.org/internet-drafts/draft-skibbie-krb-kdc-ldap-schema-01.txt
Donna Skibbie - 5 min
Status: May be of interest to the WG.
(I am listing the following drafts, and can discuss them if needed.)
"Stringprep Profile for Kerberos UTF-8 Strings"
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-utf8-profile-00.txt
"Public Key Cryptography for Cross-Realm Authentication in Kerberos"
http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-cross-08.txt
"Distributing Kerberos KDC and Realm Information with DNS"
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-krb-dns-locate-02.txt
DESCRIPTION:
The prime goal of the working group is to get Kerberos Clarifications to last call,
as most of the other documents depend on this. The Crypto and AES are also needed
to round out the suite of useable documents.