A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : The Windows 2000 RC4-HMAC Kerberos encryption type
Author(s) : M. Swift, J. Brezak
Filename : draft-brezak-win2k-krb-rc4-hmac-02.txt
Pages : 10
Date : 15-Nov-00

The Windows 2000 implementation of Kerberos introduces a new
encryption type based on the RC4 encryption algorithm and using an
MD5 HMAC for checksum. This is offered as an alternative to using
the existing DES based encryption types.

The RC4-HMAC encryption types are used to ease upgrade of existing
Windows NT environments, provide strong crypto (128-bit key
lengths), and provide exportable (meet United States government
export restriction requirements) encryption.

The Windows 2000 implementation of Kerberos contains new encryption
and checksum types for two reasons: for export reasons early in the
development process, 56 bit DES encryption could not be exported,
and because upon upgrade from Windows NT 4.0 to Windows 2000,
accounts will not have the appropriate DES keying material to do the
standard DES encryption. Furthermore, 3DES is not available for
export, and there was a desire to use a single flavor of encryption
in the product for both US and international products.

As a result, there are two new encryption types and one new checksum
type introduced in Windows 2000.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-02.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-brezak-win2k-krb-rc4-hmac-02.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
[EMAIL PROTECTED]
In the body type:
"FILE /internet-drafts/draft-brezak-win2k-krb-rc4-hmac-02.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.