I am the assigned Gen-ART reviewer for this draft. For background on 
Gen-ART, please see the FAQ at 
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please wait for direction from your document shepherd 
or AD before posting a new version of the draft. 

Document: draft-ietf-krb-wg-clear-text-cred-02
Reviewer: Kathleen M. Moriarty
Review Date: 08-24-11
IETF LC End Date: 08-25-11
IESG Telechat date: 08-25-11

Summary: The document is ready with nits

Major issues: 

Minor issues: 

Nits/editorial comments: 
Introduction:
Consider changing from:
  There are applications which need to transfer Kerberos credentials
   between them without having a prior relationship with established
   Kerberos keys. 
To: "There are applications which need to transfer Kerberos credentials
   between them without having established a prior relationship with
   Kerberos keys."

Consider breaking the following sentence into two sentences; it is a little
difficult to read, as a number of concepts are introduced within this one
sentence:
   "In the SAML application, the Identity Provider (IdP) somehow obtains
   a Kerberos service ticket from the Kerberos Key Distribution Center
   (KDC) when required by the SAML system and transfers the credential
   to a Service Provider (SP) within an attribute statement."

Security Considerations section:
Consider changing the following From:
   The use of an unencrypted form of the KRB-CRED message MUST only be
   used with a transport where sender and recipient identities can been
   established to be known to each other. 
To: "The use of an unencrypted form of the KRB-CRED message MUST only be
   used with a transport where sender and recipient identities can be
   established and are known to each other."

Consider changing from:
   Examples of transports which MAY be securely used to transport an
   unencrypted KRB-CRED message would include Transport Layer Security
   (TLS) [RFC5246] where mutual authentication has been established and
   those encoded within encrypted and signed SAML Security Assertion
   Markup Language (SAML) 2.0 [OASIS.saml-core-2.0-os] statement.

To: "Examples of transports which MAY be securely used to transport an
   unencrypted KRB-CRED message would include Transport Layer Security
   (TLS) [RFC5246], where mutual authentication has been established, and
   a SAML Security Assertion Markup Language (SAML) 2.0
   [OASIS.saml-core-2.0-os] statement that is encrypted and signed."


Thanks,
Kathleen