| blob | 9dc5253ca43c9f2f171a7ecdbc1af2b0855fa240 |
2 PANA Working Group H. Tschofenig
3 Internet-Draft Siemens
4 Expires: January 10, 2005 V. Sankhla
5 University of Southern California
6 July 12, 2004
9 Bootstrapping Kerberos
10 draft-tschofenig-pana-bootstrap-kerberos-00
12 Status of this Memo
14 By submitting this Internet-Draft, I certify that any applicable
15 patent or other IPR claims of which I am aware have been disclosed,
16 and any of which I become aware will be disclosed, in accordance with
17 RFC 3668.
19 Internet-Drafts are working documents of the Internet Engineering
20 Task Force (IETF), its areas, and its working groups. Note that
21 other groups may also distribute working documents as
22 Internet-Drafts.
24 Internet-Drafts are draft documents valid for a maximum of six months
25 and may be updated, replaced, or obsoleted by other documents at any
26 time. It is inappropriate to use Internet-Drafts as reference
27 material or to cite them other than as "work in progress."
29 The list of current Internet-Drafts can be accessed at
30 http://www.ietf.org/ietf/1id-abstracts.txt.
32 The list of Internet-Draft Shadow Directories can be accessed at
33 http://www.ietf.org/shadow.html.
35 This Internet-Draft will expire on January 10, 2005.
37 Copyright Notice
39 Copyright (C) The Internet Society (2004). All Rights Reserved.
41 Abstract
43 This document proposes a mechanism to obtain a Kerberos Ticket
44 Granting Ticket based on a successful EAP authentication and key
45 agreement message exchange. The initial network access
46 authentication procedure based on EAP is ideal for this purpose.
47 This proposal allows Kerberos to be used within a local network
48 without relying on a global Kerberos infrastructure. It should allow
49 an incremental deployment of Kerberos and a wider distribution of
50 Kerberos into roaming environments.
54 Tschofenig & Sankhla Expires January 10, 2005 [Page 1]
55 \f
56 Internet-Draft Bootstrapping Kerberos July 2004
59 Table of Contents
61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
62 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 4
63 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . 5
64 4. Solution Approach . . . . . . . . . . . . . . . . . . . . . 6
65 5. What are the advantages? . . . . . . . . . . . . . . . . . . 11
66 6. What are the disadvanges? . . . . . . . . . . . . . . . . . 12
67 7. Security Considerations . . . . . . . . . . . . . . . . . . 13
68 8. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 14
69 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 16
70 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
71 10.1 Normative References . . . . . . . . . . . . . . . . . . . 17
72 10.2 Informative References . . . . . . . . . . . . . . . . . . 17
73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 19
74 Intellectual Property and Copyright Statements . . . . . . . 20
110 Tschofenig & Sankhla Expires January 10, 2005 [Page 2]
111 \f
112 Internet-Draft Bootstrapping Kerberos July 2004
115 1. Introduction
117 Kerberos (see [RFC1510] and
118 [I-D.ietf-krb-wg-kerberos-clarifications]) is a well-known security
119 protocol which provides authentication, authorization and key
120 distribution and is used to secure a number of protocols - a list too
121 large to mention here. It is widely deployed in enterprise networks
122 where cross-realm authentication is not required at all or only to a
123 certain extend (in a environment with a hierarchical organizational
124 structure). In mobility environments Kerberos is, unfortunately, not
125 widely deployed since AAA protocols (such as RADIUS and DIAMETER),
126 which have different cross-realm (or inter-domain) signaling message
127 exchanges, are heavily used. The security properties of AAA
128 protocols and Kerberos also differ. The EAP key management framework
129 is described in [I-D.ietf-eap-keying]. This proposal tries to
130 combine the two protocols: Kerberos is used within the local network
131 and the AAA protocol is used as part of the network access
132 authentication and for communication between the visited network and
133 the home network.
166 Tschofenig & Sankhla Expires January 10, 2005 [Page 3]
167 \f
168 Internet-Draft Bootstrapping Kerberos July 2004
171 2. Terminology
173 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
174 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
175 document are to be interpreted as described in [RFC2119].
222 Tschofenig & Sankhla Expires January 10, 2005 [Page 4]
223 \f
224 Internet-Draft Bootstrapping Kerberos July 2004
227 3. Problem Statement
229 RADIUS [RFC2865] and DIAMETER [RFC3588] are used in an environment
230 where accounting and charging is an important functionality.
231 Kerberos was never designed to provide these features. Kerberos
232 provides cross-realm functionality in a way which is different to
233 EAP/AAA protocols. Even though the cross-realm authentication
234 approach used by Kerberos might provide better security properties
235 (such as denial of service protection) the EAP/AAA is gaining
236 importance.
238 By combining the functionality of AAA protocols (cross-realm/
239 inter-domain behavior, accounting functionality and the existing AAA
240 infrastructure) with the benefits of Kerberos (support by a number of
241 existing protocols, authorization capabilities, key distribution and
242 protection of messages) a number of advantages can be achieved.
244 Section 3.4.4 of [I-D.iab-research-funding] points to the importance
245 of providing solutions for inter-realm Kerberos deployments: 'The
246 need for scalable inter-domain user authentication is increasingly
247 acute as ad-hoc computing and mobile computing become more widely
248 deployed. Thus, work on scalable mechanisms for mobile, ad-hoc, and
249 non-hierarchical inter-domain authentication would be very helpful.'
278 Tschofenig & Sankhla Expires January 10, 2005 [Page 5]
279 \f
280 Internet-Draft Bootstrapping Kerberos July 2004
283 4. Solution Approach
285 At its abstract level this proposal suggests to start with a regular
286 AAA communication which might inludes the usage of EAP
287 [I-D.ietf-eap-rfc2284bis]. EAP acts as a container for a number of
288 authentication and key agreement mechanisms. The AAA infrastructure
289 is used to route, to transport and to secure AAA messages and their
290 payloads. As a result of the network access authentication the user
291 is authenticated to its home AAA server (in the subscription based
292 scenario) and the AAA protocol is ready to exchange collected
293 accounting records. In addition to this exchange the visited network
294 (to which the user's device is attached) receives the gurantee
295 through the execution of the AAA protocol and the AAA infrastructure
296 (roaming agreements etc.) that the home network can be hold liable
297 for the payment for the consumed resources by the end user.
299 Subsequently to a successful authentication and authorization the AAA
300 protocol does not only transmit a session key to the AAA attendant
301 but also creates a Kerberos Ticket Granting Ticket (TGT). This TGT
302 is only valid for the local network and is sent to the end host. The
303 session key is only sent to the Authenticator and not to the end host
304 whereas the TGT has to be made available to the end host itself. A
305 protocol between the end host and the Authenticator is therefore
306 required to carry the TGT.
308 Using the obtained TGT the user is able to request further service
309 tickets using a standard Kerberos service ticket request. A user
310 might also request service tickets for various applications, to
311 secure infrastructure services (DHCP, SLP, DNS, etc.), to secure QoS
312 signaling protocols (see [RFC3182] for RSVP security based on
313 Kerberos) or might even request a service ticket to subsequently
314 execute KINK [I-D.ietf-kink-kink] for the purpose of establishing
315 IPsec security associations.
317 Figure 1 shows a typical message exchange executed when an end host
318 moves to a new network. First, in step (1) some sort of address
319 configuration procedure takes place. If the network access
320 authentication procedure is executed as part of the link layer
321 protocol as for example in IEEE 802.11 then address configuration is
322 executed after step (2). The network access procedure (2) might
323 require many roundtrips depending on the authentication and key
324 exchange protocol used. Finally, after a sucessful completion of the
325 protocol exchange a TGT is attached to the final message and send to
326 the end host in step (3). This requires an additional Radius/
327 Diameter attribute to carry the TGT from the local AAA server (if we
328 assume that it is created at the local AAA server), which is assumed
329 to be co-located with the Kerberos Authentication Server (labeled as
330 KDC in Figure 1). Co-locating these two entities is done mainly for
334 Tschofenig & Sankhla Expires January 10, 2005 [Page 6]
335 \f
336 Internet-Draft Bootstrapping Kerberos July 2004
339 simplicity reasons since an additional protocol would be required for
340 commuication rather than an API call. The TGT must, additionally, be
341 sent from the AAA attendant to the end host. Subsequently Kerberos
342 service tickets can be requested using the standard Kerberos message
343 exchange (step (4)).
345 FOR DISCUSSION: Should we create
347 o a Ticket Granting Ticket which is sent to the end host or
349 o bootstrap a security association (and in particular a session key)
350 which is then used by the end host to request the Ticket Granting
351 Ticket.
353 The latter approach would not modify the inital TGT Kerberos
354 exchange. Further issues are discussed in Section 8.
356 EAP acts as a container for a number of authentication and key
357 exchange protocols. As such some observations have to be made
358 concerning the properties of the used mechanisms: Since the Ticket
359 Granting Ticket has to include the AAA distributed session key (key
360 field in the encrypted part of the ticket) this proposal requires an
361 EAP mechanism which provides session key distribution. This session
362 key is then used by the end host to create an Authenticator for a
363 subsequent service ticket requests.
390 Tschofenig & Sankhla Expires January 10, 2005 [Page 7]
391 \f
392 Internet-Draft Bootstrapping Kerberos July 2004
395 +----+ +----------+ +------+ +----+
396 | | | AAA | |AAAL +| | |
397 |Host| | Attendant| | KDC | |AAAH|
398 +-+--+ +-----+----+ +--+---+ +-+--+
399 | | | |
400 +-----------------+ | | |
401 | Address | | | |
402 | Configuration | | | |
403 | Procedure (1) | | | |
404 +-----------------+ | | |
405 | | | |
406 +--+-------------------+----------------+----------------+--+
407 | | Network Access Authentication | |
408 | | and | |
409 | | Session key distribtion based on | |
410 | |<------------- successful authentication (2) ------>| |
411 | | | |
412 | | Ticket Granting Ticket | |
413 | | Delivery (3) | |
414 | |<-----------------------------------+ | |
415 | | | |
416 +--+-------------------+----------------+----------------+--+
417 | | | |
418 +-------------------+----------------+ |
419 | Standard Kerberos Service Ticket | |
420 | Request/Reply (TGS_REQ/TGS_REP) | (4) |
421 +-------------------+----------------+ |
422 | | | |
424 Figure 1: Message Flow
426 Figure 2 shows a Ticket Granting Ticket with the relevant fields.
427 The ticket consists of two parts - one unencrypted and an encrypted
428 part. The unencrypted part contains only information for the
429 recepient (in our case for the Ticket Granting Server) to be able to
430 recognize a ticket for which a key to decrypt the ticket is
431 available. In the described case these fields contain the ticket
432 version number, the realm name of the visited network and the
433 principal name of the Ticket Granting Server (TGS). The remaining
434 fields of the ticket are encrypted with the key known only to the TGS
435 and the Authentication Server (AS). Note that the AS is co-located
436 with the local AAA server in our scenario. The encrypted part of the
437 ticket contains information about the user's realm and its identity
438 which are obtained from the initial authentication procedure. The
439 flags field contains a flag which provides an indication of this
440 Kerberos bootstrapping procedure to differentiate it to a regular
441 AS_REQ/AS_REP exchange. The key field is important since it contains
442 the session key distributed during the initial authentication
446 Tschofenig & Sankhla Expires January 10, 2005 [Page 8]
447 \f
448 Internet-Draft Bootstrapping Kerberos July 2004
451 procedure as described in Figure 1 in step (2). This session key is
452 subsequently only relevant for the TGS. For service authentication
453 between the end host and application servers and new service ticket
454 has to be requested from the TGS using a standard Kerberos TGS_REQ/
455 TGS_REP message exchange.
457 Note that a protocol is required to carry the EAP messages and the
458 TGT from the AAA attendant to the end host. Such a protocol is
459 required to exchange the necessary parameters. This document does
460 not mandate a particular protocol. However, PANA
461 [I-D.ietf-pana-pana] is suitable for this purpose since it is a
462 flexbile and extensible protocol and allows the secure exchange of
463 parameters between the end host and the network.
466 +-------------------------------------------------+
467 Unencrypted | Ticket Version Number |
468 part of | Realm that issued a ticket |
469 the ticket | Server's Principal Name (sname) |
470 +-------------------------------------------------+
471 | Flags |
472 | Key |
473 | Realm in which the client is registered (crealm)|
474 | Client's principal identifier (cname) |
475 Encrypted | Transited Realms |
476 part of | Time of initial authentication (authtime) |
477 the ticket | Starttime |
478 (with a key known | Endtime |
479 to the TGS) | Renew-till |
480 | Hostaddress(es) (caddr) |
481 | Authorization-data |
482 +-------------------------------------------------+
484 Figure 2: Ticket Granting Ticket Content
486 It is important to highlight that the proposal described in this
487 document makes an assumption which has to be satisified in order for
488 this bootstrapping mechanism to work:
490 The authentication and key exchange protocol shown in Figure 1 (step
491 2) assumes that a session key is distributed and after a successful
492 protocol execution established between the end host and the AAA
493 attendant. The session key distribution with the help of AAA also
494 allows the local AAA server to learn the session key. Since the
495 Ticket Granting Ticket requires a session key to be placed in the Key
496 field as shown in Figure 2. Hence authentication and key exchange
497 protocol which do not establish a session key between the end host
498 and the local network (AAA attendant/local AAA server) cannot be used
502 Tschofenig & Sankhla Expires January 10, 2005 [Page 9]
503 \f
504 Internet-Draft Bootstrapping Kerberos July 2004
507 for bootstrapping a Kerberos Ticket Granting Ticket.
509 Additionally it should be noted that the proposed bootstrapping
510 protocol does not necessarily require the execution of a EAP
511 protocol. Protocols such as described in [I-D.perkins-aaav6], in
512 [I-D.mun-aaa-dbu-mobileipv6] and in [I-D.le-aaa-diameter-mobileipv6]
513 would also provide the desired functionality without relying on EAP
514 methods for authentication. Instead a custom authenthication and key
515 exchange protocol is defined. Even the protocols developed in the
516 SACRED working group would provide the necessary pre-requisity to
517 return a Ticket Granting Ticket and to use this proposal. To focus
518 on an increasingly common deployment environment we have focused on
519 EAP.
558 Tschofenig & Sankhla Expires January 10, 2005 [Page 10]
559 \f
560 Internet-Draft Bootstrapping Kerberos July 2004
563 5. What are the advantages?
565 The authors think that this proposal has the following advantages:
567 o A large number of protocols support Kerberos as an authentication
568 and key distribution protocol. Enabling Kerberos to be used for
569 these environments would also enable these protocols to be secured
570 with Kerberos.
572 o Initial cross-realm/inter-domain authentication can be done using
573 an arbitrary protocol (in case of EAP).
575 o Kerberos relies on symmetric keys (ignoring PKINIT
576 [I-D.ietf-cat-kerberos-pk-init] and PKCROSS
577 [I-D.ietf-cat-kerberos-pk-cross]) for authentication and key
578 distribution. The usage of symmetric keys is highly efficient and
579 the risk of denial of service attacks often found in public key
580 based protocols is reduced.
582 o Kerberos tickets are designed to allow authorization information
583 to be added to the ticket itself. Authorization information can
584 be added by the KDC and allows services to base their access
585 control policies not only on the identity of the principal.
587 o When passwords are used with Kerberos (without PKINIT or other
588 mechanisms) then there might be a vulnerability to dictionary
589 attacks. Replacing the AS exchange with an EAP authentication
590 this vulnerability can be prevented. Note that this assumes that
591 the chosen EAP method is not vulnerable to dictionary attacks.
593 o Some EAP methods provide user identity confidentiality of the EAP
594 peer against either active or passive adversaries. If a Kerberos
595 Ticket Granting Ticket is created with the help of the EAP derived
596 key and the user identity is not copied to the Ticket Granting
597 Ticket then there is no indication for an eavesdropper about the
598 identity of a user. This approach therefore adds user identity
599 confidentiality to Kerberos.
614 Tschofenig & Sankhla Expires January 10, 2005 [Page 11]
615 \f
616 Internet-Draft Bootstrapping Kerberos July 2004
619 6. What are the disadvanges?
621 Despite the advantages listed in the previous section there are some
622 disadvantages or constraints with the following proposal:
624 o A Kerberos implementation has to be supported by end hosts.
626 o Kerberos heavily relies on timestamps. If the clocks of the end
627 host and the various servers in the access network suffer from a
628 clock-drift then some procedure is required for clock-
629 synchronization. Such procedures are for example described
630 in[I-D.ietf-krb-wg-kerberos-clarifications]. It requires further
631 investigation whether a secure time distribution mechanism should
632 be included in this proposal.
670 Tschofenig & Sankhla Expires January 10, 2005 [Page 12]
671 \f
672 Internet-Draft Bootstrapping Kerberos July 2004
675 7. Security Considerations
677 The security of the proposed mechanism relies on the selected EAP
678 mechanism, on Kerberos and on the AAA key distribution mechanism. A
679 security analysis of different EAP methods is outside the scope of
680 this document. It is assumed that the AAA key distribution
681 mechanism, the selected EAP method and Kerberos is secure.
683 Hence this section can only describe threats related to the proposed
684 distribution of the TGT.
686 Stealing of the TGT:
688 An adversary might eavesdrop on the wireless link between the end
689 host and the AAA attendant to learn the exchanged TGT. Without
690 confidentiality protection of the TGT an adversary might be able
691 to retrieve the TGT. Since the TGT is encrypted with the key of
692 the ticket granting server (TGS). It is assumed that this key has
693 sufficient length.This assures that an adversary is able to learn
694 the encrypted content of the ticket. Hence we can conclude that
695 an adversary might not be able to request further service tickets
696 only based on the knowledge of the ticket granting ticket. This
697 is inline with the basic principles of Kerberos.
700 Modification of the TGT:
702 An adversary might want to modify the content of the TGT. A TGS
703 would immediately detect such a modification because most parts of
704 the ticket are encrypted. The unencrypted parts only contain
705 information about the TGS and its realm and are useless for an
706 adversary.
709 Replay of the TGT:
711 An adverary (malicious end host) might want to reuse a TGT of a
712 previous message exchange. Since the TGT contains a lifetime
713 field it is not possible to use TGTs with an expired lifetime. In
714 order to request a service ticket the end host has to know the
715 session key to build an Authenticator.
726 Tschofenig & Sankhla Expires January 10, 2005 [Page 13]
727 \f
728 Internet-Draft Bootstrapping Kerberos July 2004
731 8. Open Issues
733 This section lists some open issues which have been identified during
734 the work on this approach:
736 o Packet formats (e.g., AAA AVP, PANA AVPs, etc.) are missing.
738 o As an alternative to provide the end host (i.e., user) with a TGT
739 it would be possible to create a tentaive user account at the KDC.
740 This allows the end host to request a TGT and subsequently service
741 tickets. This approach would not require a TGT to be transferred
742 to the end host with the initial AAA exchange.
744 o In order to provide a service ticket to run KINK for achieving
745 secure network access an additional roundtrip is required.
746 Solutions are possible which allow the establishment of an IPsec
747 security association with a fewer number of roundtrips.
749 o Should it be possible to request more than a TGT (for example a
750 service ticket for secure network access) with the help of this
751 proposal?
753 o It might be helpful to have a flag inside the ticket to indicate
754 that the ticket presented to a server was not obtained by a
755 regular AS exchange but rather with this bootstapping mechanism.
757 o It would also be possible to provide the client with a secure
758 network time by protecting the timestamp as part of a PANA
759 exchange.
761 o Should the proposed extension return a full AS_REP instead of only
762 the TGT? This would allow the end host to learn the current time
763 based on the information inside the ticket. The TGT also contains
764 time information but it is not accessible for the end host (i.e.
765 it is included in the encrypted part).
767 o In this proposal the TGT is created at the local AAA server.
768 Therefore the local AAA server needs to wait until a succuessful
769 network access authentication indication is available. The
770 EAP-Success message indicates a succesful EAP method protocol run.
771 Hence, it is necessary for the AAA server to bind the EAP run to
772 the TGT. Furthermore, the local AAA server needs to inspect the
773 session key transferred with the AAA attribute in order to create
774 the TGT. More details need to be provided. It might be possible
775 to create the TGT at the Authenticator itself rather than in the
776 local AAA server. This would, however, cause an increase in the
777 number of entities which need to be trusted by the KDC.
782 Tschofenig & Sankhla Expires January 10, 2005 [Page 14]
783 \f
784 Internet-Draft Bootstrapping Kerberos July 2004
787 o Finally, it might be possible to replace this entire bootstrapping
788 mechanism with a new AS_REQ/AS_REP protocol exchange which uses
789 EAP. This exchange could use EAP and the KDC would act as the
790 Authenticator in the EAP architecture. The main advantage of this
791 approach is achieved by protocol separation. A full EAP roundtrip
792 might not be required since the local AAA server might have stored
793 the session key of the previous protocol run already.
795 o Some discussions with regard to the EAP keying framework should go
796 in Section 7. A future version of this document will contain a
797 formal verification of the proposed approach.
799 o The relationship with the work done in the 3GPP Bootstrapping
800 architecture and the SACRED work needs to be described.
838 Tschofenig & Sankhla Expires January 10, 2005 [Page 15]
839 \f
840 Internet-Draft Bootstrapping Kerberos July 2004
843 9. Acknowledgments
845 We would like to thank Guenther Horn, Dirk Kroeselberg and Wolfgang
846 Buecker for their comments to this draft.
848 Furthermore, Hannes Tschofenig would like to thank Derek Atkins for
849 discussions with an older version of this draft (more than a year
850 ago).
852 Jorge Cuellar encourage us to publish this document.
894 Tschofenig & Sankhla Expires January 10, 2005 [Page 16]
895 \f
896 Internet-Draft Bootstrapping Kerberos July 2004
899 10. References
901 10.1 Normative References
903 [I-D.ietf-eap-rfc2284bis]
904 Blunk, L., Carlson, J. and B. Aboba, "Extensible
905 Authentication Protocol (EAP)",
906 draft-ietf-eap-rfc2284bis-09 (work in progress), February
907 2004, <reference.I-D.ietf-eap-rfc2284bis.xml>.
909 [I-D.ietf-pana-pana]
910 Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H. and A.
911 Yegin, "Protocol for Carrying Authentication for Network
912 Access (PANA)", draft-ietf-pana-pana-04 (work in
913 progress), May 2004, <reference.I-D.ietf-pana-pana.xml>.
915 [RFC1510] Kohl, J. and B. Neuman, "The Kerberos Network
916 Authentication Service (V5)", RFC 1510, September 1993,
917 <reference.RFC.1510.xml>.
919 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
920 Requirement Levels", March 1997.
922 [RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson,
923 "Remote Authentication Dial In User Service (RADIUS)", RFC
924 2865, June 2000.
926 [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G. and J.
927 Arkko, "Diameter Base Protocol", RFC 3588, September 2003,
928 <reference.RFC.3588.xml>.
930 10.2 Informative References
932 [I-D.iab-research-funding]
933 Atkinson, R. and S. Floyd, "IAB Concerns & Recommendations
934 Regarding Internet Research & Evolution",
935 draft-iab-research-funding-03 (work in progress), May
936 2004, <reference.I-D.iab-research-funding.xml>.
938 [I-D.ietf-cat-kerberos-pk-cross]
939 Tsudik, G., Neuman, C., Sommerfeld, B., Tung, B., Hur, M.,
940 Ryutov, T. and A. Medvinsky, "Public Key Cryptography for
941 Cross-Realm Authentication in Kerberos",
942 draft-ietf-cat-kerberos-pk-cross-08 (work in progress),
943 November 2001,
944 <reference.I-D.ietf-cat-kerberos-pk-cross.xml>.
946 [I-D.ietf-cat-kerberos-pk-init]
950 Tschofenig & Sankhla Expires January 10, 2005 [Page 17]
951 \f
952 Internet-Draft Bootstrapping Kerberos July 2004
955 Tung, B., Neuman, C., Hur, M., Medvinsky, A., Medvinsky,
956 S., Wray, J. and J. Trostle, "Public Key Cryptography for
957 Initial Authentication in Kerberos",
958 draft-ietf-cat-kerberos-pk-init-19 (work in progress),
959 April 2004, <reference.I-D.ietf-cat-kerberos-pk-init.xml>.
961 [I-D.ietf-eap-keying]
962 Aboba, B., "EAP Key Management Framework",
963 draft-ietf-eap-keying-01 (work in progress), October 2003,
964 <reference.I-D.ietf-eap-keying.xml>.
966 [I-D.ietf-kink-kink]
967 Thomas, M. and J. Vilhuber, "Kerberized Internet
968 Negotiation of Keys (KINK)", draft-ietf-kink-kink-05 (work
969 in progress), January 2003,
970 <reference.I-D.ietf-kink-kink.xml>.
972 [I-D.ietf-krb-wg-kerberos-clarifications]
973 Neuman, C., "The Kerberos Network Authentication Service
974 (V5)", draft-ietf-krb-wg-kerberos-clarifications-05 (work
975 in progress), February 2004,
976 <reference.I-D.ietf-krb-wg-kerberos-clarifications.xml>.
978 [I-D.le-aaa-diameter-mobileipv6]
979 Faccin, S., "Diameter Mobile IPv6 Application",
980 draft-le-aaa-diameter-mobileipv6-03 (work in progress),
981 April 2003,
982 <reference.I-D.le-aaa-diameter-mobileipv6.xml>.
984 [I-D.mun-aaa-dbu-mobileipv6]
985 Kim, M. and Y. Mun, "Dynamic Binding Update using AAA",
986 draft-mun-aaa-dbu-mobileipv6-00 (work in progress),
987 December 2002, <reference.I-D.mun-aaa-dbu-mobileipv6.xml>.
989 [I-D.perkins-aaav6]
990 Perkins, C., Flykt, P. and T. Eklund, "AAA for IPv6
991 Network Access", draft-perkins-aaav6-06 (work in
992 progress), May 2003, <reference.I-D.perkins-aaav6.xml>.
994 [RFC3182] Yadav, S., Yavatkar, R., Pabbati, R., Ford, P., Moore, T.,
995 Herzog, S. and R. Hess, "Identity Representation for
996 RSVP", RFC 3182, October 2001, <reference.RFC.3182.xml>.
1006 Tschofenig & Sankhla Expires January 10, 2005 [Page 18]
1007 \f
1008 Internet-Draft Bootstrapping Kerberos July 2004
1011 Authors' Addresses
1013 Hannes Tschofenig
1014 Siemens
1015 Otto-Hahn-Ring 6
1016 Munich, Bayern 81739
1017 Germany
1019 EMail: Hannes.Tschofenig@siemens.com
1022 Vishal Sankhla
1023 University of Southern California
1024 1860N, Fuller Avenue, Apt 117
1025 Los Angeles, California 90046
1026 USA
1028 EMail: sankhla@usc.edu
1062 Tschofenig & Sankhla Expires January 10, 2005 [Page 19]
1063 \f
1064 Internet-Draft Bootstrapping Kerberos July 2004
1067 Intellectual Property Statement
1069 The IETF takes no position regarding the validity or scope of any
1070 Intellectual Property Rights or other rights that might be claimed to
1071 pertain to the implementation or use of the technology described in
1072 this document or the extent to which any license under such rights
1073 might or might not be available; nor does it represent that it has
1074 made any independent effort to identify any such rights. Information
1075 on the procedures with respect to rights in RFC documents can be
1076 found in BCP 78 and BCP 79.
1078 Copies of IPR disclosures made to the IETF Secretariat and any
1079 assurances of licenses to be made available, or the result of an
1080 attempt made to obtain a general license or permission for the use of
1081 such proprietary rights by implementers or users of this
1082 specification can be obtained from the IETF on-line IPR repository at
1083 http://www.ietf.org/ipr.
1085 The IETF invites any interested party to bring to its attention any
1086 copyrights, patents or patent applications, or other proprietary
1087 rights that may cover technology that may be required to implement
1088 this standard. Please address the information to the IETF at
1089 ietf-ipr@ietf.org.
1092 Disclaimer of Validity
1094 This document and the information contained herein are provided on an
1095 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1096 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
1097 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
1098 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
1099 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1100 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1103 Copyright Statement
1105 Copyright (C) The Internet Society (2004). This document is subject
1106 to the rights, licenses and restrictions contained in BCP 78, and
1107 except as set forth therein, the authors retain all their rights.
1110 Acknowledgment
1112 Funding for the RFC Editor function is currently provided by the
1113 Internet Society.
1118 Tschofenig & Sankhla Expires January 10, 2005 [Page 20]
1119 \f