| blob | a98e7e6588d073a05b99251165a00d916c3f3948 |
1 Kerberos Working Group S. Hartman
2 Internet-Draft MIT
3 Expires: January 17, 2005 July 19, 2004
7 A Generalized Framework for Kerberos Pre-Authentication
8 draft-ietf-krb-wg-preauth-framework-01
11 Status of this Memo
14 By submitting this Internet-Draft, I certify that any applicable
15 patent or other IPR claims of which I am aware have been disclosed,
16 and any of which I become aware will be disclosed, in accordance with
17 RFC 3668.
20 Internet-Drafts are working documents of the Internet Engineering
21 Task Force (IETF), its areas, and its working groups. Note that other
22 groups may also distribute working documents as Internet-Drafts.
25 Internet-Drafts are draft documents valid for a maximum of six months
26 and may be updated, replaced, or obsoleted by other documents at any
27 time. It is inappropriate to use Internet-Drafts as reference
28 material or to cite them other than as "work in progress."
31 The list of current Internet-Drafts can be accessed at http://
32 www.ietf.org/ietf/1id-abstracts.txt.
35 The list of Internet-Draft Shadow Directories can be accessed at
36 http://www.ietf.org/shadow.html.
39 This Internet-Draft will expire on January 17, 2005.
42 Copyright Notice
45 Copyright (C) The Internet Society (2004). All Rights Reserved.
48 Abstract
51 Kerberos is a protocol for verifying the identity of principals
52 (e.g., a workstation user or a network server) on an open network.
53 The Kerberos protocol provides a mechanism called pre-authentication
54 for proving the identity of a principal and for better protecting
55 the long-term secret of the principal.
58 This document describes a model for Kerberos pre-authentication
59 mechanisms. The model describes what state in the Kerberos request a
60 pre-authentication mechanism is likely to change. It also describes
61 how multiple pre-authentication mechanisms used in the same request
62 will interact.
67 Hartman Expires January 17, 2005 [Page 1]
68 Internet-Draft Kerberos Preauth Framework July 2004
72 This document also provides common tools needed by multiple
73 pre-authentication mechanisms.
76 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
77 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
78 document are to be interpreted as described in [1].
81 Table of Contents
84 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
85 2. Model for Pre-Authentication . . . . . . . . . . . . . . . . . 4
86 2.1 Information Managed by Model . . . . . . . . . . . . . . . 5
87 2.2 The Preauth_Required Error . . . . . . . . . . . . . . . . 7
88 2.3 Client to KDC . . . . . . . . . . . . . . . . . . . . . . 7
89 2.4 KDC to Client . . . . . . . . . . . . . . . . . . . . . . 8
90 3. Pre-Authentication Facilities . . . . . . . . . . . . . . . . 9
91 3.1 Client Authentication . . . . . . . . . . . . . . . . . . 10
92 3.2 Strengthen Reply Key . . . . . . . . . . . . . . . . . . . 10
93 3.3 Replace Reply Key . . . . . . . . . . . . . . . . . . . . 11
94 3.4 Verify Response . . . . . . . . . . . . . . . . . . . . . 11
95 4. Requirements for Pre-Authentication Mechanisms . . . . . . . . 12
96 5. Tools for Use in Pre-Authentication Mechanisms . . . . . . . . 13
97 5.1 Combine Keys . . . . . . . . . . . . . . . . . . . . . . . 13
98 5.2 Signing Requests/Responses . . . . . . . . . . . . . . . . 13
99 5.3 Managing State for the KDC . . . . . . . . . . . . . . . . 13
100 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
101 7. Security Considerations . . . . . . . . . . . . . . . . . . . 15
102 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
103 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 17
104 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
105 9.1 Normative References . . . . . . . . . . . . . . . . . . . . 17
106 9.2 Informative References . . . . . . . . . . . . . . . . . . . 17
107 A. Todo List . . . . . . . . . . . . . . . . . . . . . . . . . . 18
108 Intellectual Property and Copyright Statements . . . . . . . . 19
127 Hartman Expires January 17, 2005 [Page 2]
128 Internet-Draft Kerberos Preauth Framework July 2004
132 1. Introduction
135 The core Kerberos specification treats pre-authentication data as an
136 opaque typed hole in the messages to the KDC that may influence the
137 reply key used to encrypt the KDC response. This generality has been
138 useful: pre-authentication data is used for a variety of extensions
139 to the protocol, many outside the expectations of the initial
140 designers. However, this generality makes designing the more common
141 types of pre-authentication mechanisms difficult. Each mechanism
142 needs to specify how it interacts with other mechanisms. Also,
143 problems like combining a key with the long-term secret or proving
144 the identity of the user are common to multiple mechanisms. Where
145 there are generally well-accepted solutions to these problems, it is
146 desirable to standardize one of these solutions so mechanisms can
147 avoid duplication of work. In other cases, a modular approach to
148 these problems is appropriate. The modular approach will allow new
149 and better solutions to common pre-authentication problems to be used
150 by existing mechanisms as they are developed.
153 This document specifies a framework for Kerberos pre-authentication
154 mechanisms. IT defines the common set of functions
155 pre-authentication mechanisms perform as well as how these functions
156 affect the state of the request and response. In addition several
157 common tools needed by pre-authentication mechanisms are provided.
158 Unlike [3], this framework is not complete--it does not describe all
159 the inputs and outputs for the pre-authentication mechanisms.
160 Mechanism designers should try to be consistent with this framework
161 because doing so will make their mechanisms easier to implement.
162 Kerberos implementations are likely to have plugin architectures for
163 pre-authentication; such architectures are likely to support
164 mechanisms that follow this framework plus commonly used extensions.
167 This document should be read only after reading the documents
168 describing the Kerberos cryptography framework [3] and the core
169 Kerberos protocol [2]. This document freely uses terminology and
170 notation from these documents without reference or further
171 explanation.
187 Hartman Expires January 17, 2005 [Page 3]
188 Internet-Draft Kerberos Preauth Framework July 2004
192 2. Model for Pre-Authentication
195 when a Kerberos client wishes to obtain a ticket using the
196 authentication server, it sends an initial AS request. If
197 pre-authentication is being used, then the KDC will respond with a
198 KDC_ERR_PREAUTH_REQUIRED error. Alternatively, if the client knows
199 what pre-authentication to use, it MAY optimize a round-trip and send
200 an initial request with padata included. If the client includes the
201 wrong padata, the server MAY return KDC_ERR_PREAUTH_FAILED with no
202 indication of what padata should have been included. For
203 interoperability reasons, clients that include optimistic
204 pre-authentication MUST retry with no padata and examine the
205 KDC_ERR_PREAUTH_REQUIRED if they receive a KDC_ERR_PREAUTH_FAILED in
206 response to their initial optimistic request.
209 The KDC maintains no state between two requests; subsequent requests
210 may even be processed by a different KDC. On the other hand, the
211 client treats a series of exchanges with KDCs as a single
212 authentication session. Each exchange accumulates state and
213 hopefully brings the client closer to a successful authentication.
216 These models for state management are in apparent conflict. For many
217 of the simpler pre-authentication scenarios, the client uses one
218 round trip to find out what mechanisms the KDC supports. Then the
219 next request contains sufficient pre-authentication for the KDC to be
220 able to return a successful response. For these simple scenarios,
221 the client only sends one request with pre-authentication data and so
222 the authentication session is trivial. For more complex
223 authentication sessions, the KDC needs to provide the client with a
224 cookie to include in future requests to capture the current state of
225 the authentication session. Handling of multiple round-trip
226 mechanisms is discussed in Section 5.3.
229 This framework specifies the behavior of Kerberos pre-authentication
230 mechanisms used to identify users or to modify the reply key used to
231 encrypt the KDC response. The padata typed hole may be used to carry
232 extensions to Kerberos that have nothing to do with proving the
233 identity of the user or establishing a reply key. These extensions
234 are outside the scope of this framework. However mechanisms that do
235 accomplish these goals should follow this framework.
238 This framework specifies the minimum state that a Kerberos
239 implementation needs to maintain while handling a request in order to
240 process pre-authentication. It also specifies how Kerberos
241 implementations process the pre-authentication data at each step of
242 the AS request process.
249 Hartman Expires January 17, 2005 [Page 4]
250 Internet-Draft Kerberos Preauth Framework July 2004
254 2.1 Information Managed by Model
257 The following information is maintained by the client and KDC as each
258 request is being processed:
259 o The reply key used to encrypt the KDC response
260 o How strongly the identity of the client has been authenticated
261 o Whether the reply key has been used in this authentication session
262 o Whether the reply key has been replaced in this authentication
263 session
264 o Whether the contents of the KDC response can be verified by the
265 client principal
266 o Whether the contents of the KDC response can be verified by the
267 client machine
270 Conceptually, the reply key is initially the long-term key of the
271 principal. However, principals can have multiple long-term keys
272 because of support for multiple encryption types, salts and
273 string2key parameters. As described in section 5.2.7.5 of the
274 Kerberos protocol [2], the KDC sends PA-ETYPe-INFO2 to notify the
275 client what types of keys are available. Thus in full generality,
276 the reply key in the pre-authentication model is actually a set of
277 keys. At the beginning of a request, it is initialized to the set of
278 long-term keys advertised in the PA-ETYPE-INFO2 element on the KDC.
279 If multiple reply keys are available, the client chooses which one to
280 use. Thus the client does not need to treat the reply key as a set.
281 At the beginning of a handling a request, the client picks a reply
282 key to use.
285 KDC implementations MAY choose to offer only one key in the
286 PA-ETYPE-INFO2 element. Since the KDC already knows the client's
287 list of supported enctypes from the request, no interoperability
288 problems are created by choosing a single possible reply key. This
289 way, the KDC implementation avoids the complexity of treating the
290 reply key as a set.
293 At the beginning of handling a message on both the client and KDC,
294 the client's identity is not authenticated. A mechanism may indicate
295 that it has successfully authenticated the client's identity. This
296 information is useful to keep track of on the client in order to
297 know what pre-authentication mechanisms should be used. The KDC
298 needs to keep track of whether the client is authenticated because
299 the primary purpose of pre-authentication is to authenticate the
300 client identity before issuing a ticket. Implementations that have
301 pre-authentication mechanisms offering significantly different
302 strengths of client authentication MAY choose to keep track of the
303 strength of the authentication used as an input into policy
304 decisions. For example, some principals might require strong
305 pre-authentication, while less sensitive principals can use
310 Hartman Expires January 17, 2005 [Page 5]
311 Internet-Draft Kerberos Preauth Framework July 2004
315 relatively weak forms of pre-authentication like encrypted timestamp.
318 Initially the reply key has not been used. A pre-authentication
319 mechanism that uses the reply key either directly to encrypt or
320 checksum some data or indirectly in the generation of new keys MUST
321 indicate that the reply key is used. This state is maintained by the
322 client and KDC to enforce the security requirement stated in Section
323 3.3 that the reply key cannot be replaced after it is used.
326 Initially the reply key has not been replaced. If a mechanism
327 implements the Replace Reply Key facility discussed in Section 3.3,
328 then the state MUST be updated to indicate that the reply key has
329 been replaced. Once the reply key has been replaced, knowledge of the
330 reply key is insufficient to authenticate the client. The reply key
331 is marked replaced in exactly the same situations as the KDC reply
332 is marked as not being verified to the client principal. However,
333 while mechanisms can verify the KDC request to the client, once the
334 reply key is replaced, then the reply key remains replaced for the
335 remainder of the authentication session.
338 Without pre-authentication, the client knows that the KDC request is
339 authentic and has not been modified because it is encrypted in the
340 long-term key of the client. Only the KDC and client know that key.
341 So at the start of handling any message the KDC request is presumed
342 to be verified to the client principal. Any pre-authentication
343 mechanism that sets a new reply key not based on the principal's
344 long-term secret MUST either verify the KDC response some other way
345 or indicate that the response is not verified. If a mechanism
346 indicates that the response is not verified then the client
347 implementation MUST return an error unless a subsequent mechanism
348 verifies the response. The KDC needs to track this state so it can
349 avoid generating a response that is not verified.
352 The typical Kerberos request does not provide a way for the client
353 machine to know that it is talking to the correct KDC. Someone who
354 can inject packets into the network between the client machine and
355 the KDC and who knows the password that the user will give to the
356 client machine can generate a KDC response that will decrypt
357 properly. So, if the client machine needs to authenticate that the
358 user is in fact the named principal, then the client machine needs to
359 do a TGS request for itself as a service. Some pre-authentication
360 mechanisms may provide a way for the client to authenticate the KDC.
361 Examples of this include signing the response with a well-known
362 public key or providing a ticket for the client machine as a service
363 in addition to the requested ticket.
371 Hartman Expires January 17, 2005 [Page 6]
372 Internet-Draft Kerberos Preauth Framework July 2004
376 2.2 The Preauth_Required Error
379 Typically a client starts an authentication session by sending an
380 initial request with no pre-authentication. If the KDC requires
381 pre-authentication, then it returns a KDC_ERR_PREAUTH_REQUIRED
382 message. This message MAY also be returned for pre-authentication
383 configurations that use multi-round-trip mechanisms. This error
384 contains a sequence of padata. Typically the padata contains the
385 pre-authentication type IDs of all the available pre-authentication
386 mechanisms. IN the initial error response, most mechanisms do not
387 contain data. If a mechanism requires multiple round trips or starts
388 with a challenge from the KDC to the client, then it will likely
389 contain data in the initial error response.
392 The KDC SHOULD NOT send data that is encrypted in the long-term
393 password-based key of the principal. Doing so has the same security
394 exposures as the Kerberos protocol without pre-authentication. There
395 are few situations where pre-authentication is desirable and where
396 the KDC needs to expose ciphertext encrypted in a weak key before the
397 client has proven knowledge of that key.
400 In order to generate the error response, the KDC first starts by
401 initializing the pre-authentication state. Then it processes any
402 padata in the client's request in the order provided by the client.
403 Mechanisms that are not understood by the KDC are ignored.
404 Mechanisms that are inappropriate for the client principal or request
405 SHOULD also be ignored. Next, it generates padata for the error
406 response, modifying the pre-authentication state appropriately as
407 each mechanism is processed. The KDC chooses the order in which it
408 will generated padata (and thus the order of padata in the response),
409 but it needs to modify the pre-authentication state consistently with
410 the choice of order. For example, if some mechanism establishes an
411 authenticated client identity, then the mechanisms subsequent in the
412 generated response receive this state as input. After the padata is
413 generated, the error response is sent.
416 2.3 Client to KDC
419 This description assumes a client has already received a
420 KDC_ERR_PREAUTH_REQUIRED from the KDC. If the client performs
421 optimistic pre-authentication then the client needs to optimisticly
422 choose the information it would normally receive from that error
423 response.
426 The client starts by initializing the pre-authentication state as
427 specified. It then processes the pdata in the
428 KDC_ERR_PREAUTH_REQUIRED.
434 Hartman Expires January 17, 2005 [Page 7]
435 Internet-Draft Kerberos Preauth Framework July 2004
439 After processing the pdata in the KDC error, the client generates a
440 new request. It processes the pre-authentication mechanisms in the
441 order in which they will appear in the next request, updating the
442 state as appropriate. When the request is complete it is sent.
445 2.4 KDC to Client
448 When a KDC receives an AS request from a client, it needs to
449 determine whether it will respond with an error or a AS reply.
450 There are many causes for an error to be generated that have nothing
451 to do with pre-authentication; they are discussed in the Kerberos
452 specification.
455 From the standpoint of evaluating the pre-authentication, the KDC
456 first starts by initializing the pre-authentication state. IT then
457 processes the padata in the request. AS mentioned in Section 2.2,
458 the KDC MAY ignore padata that is inappropriate for the configuration
459 and MUST ignore padata of an unknown type.
462 At this point the KDC decides whether it will issue a
463 pre-authentication required error or a reply. Typically a KDC will
464 issue a reply if the client's identity has been authenticated to a
465 sufficient degree. The processing of the pre-authentication required
466 error is described in Section 2.2.
469 The KDC generates the pdata modifying the pre-authentication state as
470 necessary. Then it generates the final response, encrypting it in
471 the current pre-authentication reply key.
496 Hartman Expires January 17, 2005 [Page 8]
497 Internet-Draft Kerberos Preauth Framework July 2004
501 3. Pre-Authentication Facilities
504 Pre-Authentication mechanisms can be thought of as providing various
505 conceptual facilities. This serves two useful purposes. First,
506 mechanism authors can choose only to solve one specific small
507 problem. It is often useful for a mechanism designed to offer key
508 management not to directly provide client authentication but instead
509 to allow one or more other mechanisms to handle this need. Secondly,
510 thinking about the abstract services that a 2mechanism provides
511 yields a minimum set of security requirements that all mechanisms
512 providing that facility must meet. These security requirements are
513 not complete; mechanisms will have additional security requirements
514 based on the specific protocol they employ.
517 A mechanism is not constrained to only offering one of these
518 facilities. While such mechanisms can be designed and are sometimes
519 useful, many pre-authentication mechanisms implement several
520 facilities. By combining multiple facilities in a single mechanism,
521 it is often easier to construct a secure, simple solution than by
522 solving the problem in full generality. Even when mechanisms provide
523 multiple facilities, they need to meet the security requirements for
524 all the facilities they provide.
527 According to Kerberos extensibility rules (section 1.4.2 of the
528 Kerberos specification [2]), an extension MUST NOT change the
529 semantics of a message unless a recipient is known to understand that
530 extension. Because a client does not know that the KDC supports a
531 particular pre-authentication mechanism when it sends an initial
532 request, a preauth mechanism MUST NOT change the semantics of the
533 request in a way that will break a KDC that does not understand that
534 mechanism. Similarly, KDCs MUST not send messages to clients that
535 affect the core semantics unless the clients have indicated support
536 for the message.
539 The only state in this model that would break the interpretation of a
540 message is changing the expected reply key. If one mechanism changed
541 the reply key and a later mechanism used that reply key, then a KDC
542 that interpreted the second mechanism but not the first would fail to
543 interpret the request correctly. In order to avoid this problem,
544 extensions that change core semantics are typically divided into two
545 parts. The first part proposes a change to the core semantic--for
546 example proposes a new reply key. The second part acknowledges that
547 the extension is understood and that the change takes effect. Section
548 3.2 discusses how to design mechanisms that modify the reply key to
549 be split into a proposal and acceptance without requiring additional
550 round trips to use the new reply key in subsequent
551 pre-authentication. Other changes in the state described in Section
552 2.1 can safely be ignored by a KDC that does not understand a
557 Hartman Expires January 17, 2005 [Page 9]
558 Internet-Draft Kerberos Preauth Framework July 2004
562 mechanism. Mechanisms that modify the behavior of the request
563 outside the scope of this framework need to carefully consider the
564 Kerberos extensibility rules to avoid similar problems.
567 3.1 Client Authentication
570 The client authentication facility proves the identity of a user to
571 the KDC before a ticket is issued. Examples of mechanisms
572 implementing this facility include the encrypted timestamp facility
573 defined in Section 5.2.7.2 of the Kerberos specification [2] and the
574 single-use mechanism defined in [5]. Mechanisms that provide this
575 facility are expected to mark the client as authenticated.
578 Mechanisms implementing this facility SHOULD require the client to
579 prove knowledge of the reply key before transmitting a successful
580 KDC reply. Otherwise, an attacker can intercept the
581 pre-authentication exchange and get a reply to attack. One way of
582 proving the client knows the reply key is to implement the Replace
583 Reply Key facility along with this facility. The Pkinit mechanism
584 [6] implements Client Authentication along side Replace Reply Key.
587 If the reply key has been replaced, then mechanisms such as encrypted
588 timestamp that rely on knowledge of the reply key to authenticate the
589 client MUST NOT be used.
592 3.2 Strengthen Reply Key
595 Particularly, when dealing with keys based on passwords, it is
596 desirable to increase the strength of the key by adding additional
597 secrets to it. Examples of sources of additional secrets include the
598 results of a Diffie-Hellman key exchange or key bits from the output
599 of a smart card [5]. Typically these additional secrets are
600 converted into a Kerberos protocol key. Then they are combined with
601 the existing reply key as discussed in Section 5.1.
604 If a mechanism implementing this facility wishes to modify the reply
605 key before knowing that the other party in the exchange supports the
606 mechanism, it proposes modifying the reply key. The other party then
607 includes a message indicating that the proposal is accepted if it is
608 understood and meets policy. In many cases it is desirable to use
609 the new reply key for client authentication and for other facilities.
610 Waiting for the other party to accept the proposal and actually
611 modify the reply key state would add an additional round trip to the
612 exchange. Instead, mechanism designers are encouraged to include a
613 typed hole for additional padata in the message that proposes the
614 reply key change. The padata included in the typed hole are
615 generated assuming the new reply key. If the other party accepts the
616 proposal, then these padata are interpreted as if they were included
621 Hartman Expires January 17, 2005 [Page 10]
622 Internet-Draft Kerberos Preauth Framework July 2004
626 immediately following the proposal. The party generating the
627 proposal can determine whether the padata were processed based on
628 whether the proposal for the reply key is accepted.
631 The specific formats of the proposal message, including where padata
632 are are included is a matter for the mechanism specification.
633 Similarly, the format of the message accepting the proposal is
634 mechanism-specific.
637 Mechanisms implementing this facility and including a typed hole for
638 additional padata MUST checksum that padata using a keyed checksum or
639 encrypt the padata. Typically the reply key is used to protect the
640 padata. XXX If you are only minimally increasing the strength of the
641 reply key, this may give the attacker access to something too close
642 to the original reply key. However, binding the padata to the new
643 reply key seems potentially important from a security standpoint.
644 There may also be objections to this from a double encryption
645 standpoint because we also recommend client authentication facilities
646 be tied to the reply key.
649 3.3 Replace Reply Key
652 The Replace Reply Key facility replaces the key in which a successful
653 AS reply will be encrypted. This facility can only be used in
654 cases where knowledge of the reply key is not used to authenticate
655 the client. The new reply key MUST be communicated to the client and
656 KDC in a secure manner. Mechanisms implementing this facility MUST
657 mark the reply key as replaced in the pre-authentication state.
658 Mechanisms implementing this facility MUST either provide a mechanism
659 to verify the KDC reply to the client or mark the reply as unverified
660 in the pre-authentication state. Mechanisms implementing this
661 facility SHOULD NOT be used if a previous mechanism has used the
662 reply key.
665 As with the Strengthen Reply Key facility, Kerberos extensibility
666 rules require that the reply key not be changed unless both sides of
667 the exchange understand the extension. In the case of this facility
668 it will likely be more common for both sides to know that the
669 facility is available by the time that the new key is available to be
670 used. However, mechanism designers can use a container for padata in
671 a proposal message as discussed in Section 3.2 if appropriate.
674 3.4 Verify Response
684 Hartman Expires January 17, 2005 [Page 11]
685 Internet-Draft Kerberos Preauth Framework July 2004
689 4. Requirements for Pre-Authentication Mechanisms
692 State management for multi-round-trip mechs
693 Security interactions with other mechs
742 Hartman Expires January 17, 2005 [Page 12]
743 Internet-Draft Kerberos Preauth Framework July 2004
747 5. Tools for Use in Pre-Authentication Mechanisms
750 5.1 Combine Keys
753 5.2 Signing Requests/Responses
756 5.3 Managing State for the KDC
802 Hartman Expires January 17, 2005 [Page 13]
803 Internet-Draft Kerberos Preauth Framework July 2004
807 6. IANA Considerations
859 Hartman Expires January 17, 2005 [Page 14]
860 Internet-Draft Kerberos Preauth Framework July 2004
864 7. Security Considerations
867 Very little of the AS request is authenticated. Same for padata
868 in the reply or error. Discuss implications
869 Table of security requirements stated elsewhere in the document
917 Hartman Expires January 17, 2005 [Page 15]
918 Internet-Draft Kerberos Preauth Framework July 2004
922 8. Acknowledgements
974 Hartman Expires January 17, 2005 [Page 16]
975 Internet-Draft Kerberos Preauth Framework July 2004
979 9. References
982 9.1 Normative References
985 [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
986 Levels", RFC 2119, BCP 14, March 1997.
989 [2] Neuman, C., Yu, T., Hartman, S. and K. Raeburn, "The Kerberos
990 Network Authentication Service (V5)",
991 draft-ietf-krb-wg-kerberos-clarifications-06.txt (work in
992 progress), June 2004.
995 [3] Raeburn, K., "Encryption and Checksum Specifications for
996 Kerberos 5", draft-ietf-krb-wg-crypto-03.txt (work in progress).
999 [4] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC
1000 2279, January 1998.
1003 9.2 Informative References
1006 [5] Hornstein, K., Renard, K., Neuman, C. and G. Zorn, "Integrating
1007 Single-use Authentication Mechanisms with Kerberos",
1008 draft-ietf-krb-wg-kerberos-sam-02.txt (work in progress),
1009 October 2003.
1012 [6] Tung, B., Neuman, C., Hur, M., Medvinsky, A. and S. Medvinsky,
1013 "Public Key Cryptography for Initial Authentication in
1014 Kerberos", draft-ietf-cat-kerberos-pk-init-19.txt (work in
1015 progress), April 2004.
1019 Author's Address
1022 Sam hartman
1023 MIT
1026 EMail: hartmans@mit.edu
1042 Hartman Expires January 17, 2005 [Page 17]
1043 Internet-Draft Kerberos Preauth Framework July 2004
1047 Appendix A. Todo List
1050 Flesh out sections that are still outlines
1051 Discuss cookies and multiple-round-trip mechanisms.
1052 Talk about checksum contributions from each mechanism
1100 Hartman Expires January 17, 2005 [Page 18]
1101 Internet-Draft Kerberos Preauth Framework July 2004
1105 Intellectual Property Statement
1108 The IETF takes no position regarding the validity or scope of any
1109 Intellectual Property Rights or other rights that might be claimed to
1110 pertain to the implementation or use of the technology described in
1111 this document or the extent to which any license under such rights
1112 might or might not be available; nor does it represent that it has
1113 made any independent effort to identify any such rights. Information
1114 on the IETF's procedures with respect to rights in IETF Documents can
1115 be found in BCP 78 and BCP 79.
1118 Copies of IPR disclosures made to the IETF Secretariat and any
1119 assurances of licenses to be made available, or the result of an
1120 attempt made to obtain a general license or permission for the use of
1121 such proprietary rights by implementers or users of this
1122 specification can be obtained from the IETF on-line IPR repository at
1123 http://www.ietf.org/ipr.
1126 The IETF invites any interested party to bring to its attention any
1127 copyrights, patents or patent applications, or other proprietary
1128 rights that may cover technology that may be required to implement
1129 this standard. Please address the information to the IETF at
1130 ietf-ipr@ietf.org.
1134 Disclaimer of Validity
1137 This document and the information contained herein are provided on an
1138 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1139 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
1140 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
1141 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
1142 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1143 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1147 Copyright Statement
1150 Copyright (C) The Internet Society (2004). This document is subject
1151 to the rights, licenses and restrictions contained in BCP 78, and
1152 except as set forth therein, the authors retain all their rights.
1156 Acknowledgment
1159 Funding for the RFC Editor function is currently provided by the
1160 Internet Society.
1165 Hartman Expires January 17, 2005 [Page 19]