Kerberos (krb-wg)
-----------------

Charter
Last Modified: 2006-10-17

Current Status: Active Working Group

Chair(s):
  Jeffrey Hutzelman

Security Area Director(s):
  Tim Polk
  Sam Hartman

Security Area Advisor:
  Sam Hartman

Mailing Lists:
  General Discussion: ietf-krb-wg@anl.gov
  To Subscribe: majordomo@anl.gov
  In Body: subscribe ietf-krb-wg your_email_address
  Archive: ftp://ftp.ietf.org/ietf-mail-archive/krb-wg/

Description of Working Group:

Kerberos over the years has been ported to virtually every operating system. There are at least two open source versions, with numerous commercial versions based on these and other proprietary implementations. Kerberos evolution has continued over the years, and interoperability has been problematic. A number of draft proposals have been issued concerning aspects of new or extended functionality.

The group will strive to improve the interoperability of these systems while improving security.

Specifically, the Working Group will:

* Clarify and amplify the Kerberos specification (RFC 1510) to make sure interoperability problems encountered in the past that occurred because of unclear specifications do not happen again. The output of this process should be suitable for Draft Standard status.

* Select from existing proposals on new or extended functionality those that will add significant value while improving interoperability and security, and publish these as one or more Proposed Standards.

Goals and Milestones:

Done      First meeting
Done      Submit the Kerberos Extensions document to the IESG for consideration as a Proposed standard.
Done      Complete first draft of Pre-auth Framework
Done      Complete first draft of Extensions
Done      Submit K5-GSS-V2 document to IESG for consideration as a Proposed Standard
Done      Last Call on OCSP for PKINIT
Done      Consensus on direction for Change/Set password
Done      PKINIT to IESG
Done      Enctype Negotiation to IESG
Done      Last Call on PKINIT ECC
Mar 2006  Review milestones
Mar 2006  Issues identified for Anonymous
Jun 2006  Major issues resolved on Extensions
Aug 2006  Last Call on Extensions
Aug 2006  Last Call on Referrals
Sep 2006  Last Call on Change/Set password

Internet-Drafts:

Posted    Revised   I-D Title
--------  --------  --------------------------------------------
Mar 2001  Mar 2007  Generating KDC Referrals to Locate Kerberos Realms
May 2003  Mar 2007  Kerberos Set/Change Key/Password Protocol Version 2
Feb 2004  Mar 2007  A Generalized Framework for Kerberos Pre-Authentication
Jan 2005  Mar 2007  The Kerberos Network Authentication Service (Version 5)
Sep 2005  Mar 2007  ECC Support for PKINIT
May 2006  Sep 2006  Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP
Jun 2006  Mar 2007  Anonymity Support for Kerberos
Jun 2006  Mar 2007  Additional Kerberos Naming Constraints
Jun 2006  Mar 2007  PK-INIT Cryptographic Algorithm Agility
Nov 2006  Mar 2007  Kerberos Version 5 GSS-API Channel Binding Hash Agility

Request For Comments:

RFC      Stat      Published  Title
-------  --------  ---------  ------------------------------------
RFC3962  Standard  Feb 2005   AES Encryption for Kerberos 5
RFC3961  Standard  Feb 2005   Encryption and Checksum Specifications for Kerberos 5
RFC4120  Standard  Jul 2005   The Kerberos Network Authentication Service (V5)
RFC4121  Standard  Jul 2005   The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2
RFC4537  PS        Jun 2006   Kerberos Cryptosystem Negotiation Extension
RFC4557  PS        Jun 2006   Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
RFC4556  PS        Jun 2006   Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)