Hi.
In the writeup I asked Stephen to include a note that there is a
normative downreference to RFC 4757. RFC 4757 is informational.
This document recommends that implementations not implement some of the
algorithms in RFC 4757, thus creating a normative down-ref.
My opinion and that of the WG is
On 3/22/12 08:26 , The IESG wrote:
>
> The IESG has received a request from the Kerberos WG (krb-wg) to consider
> the following document:
> - 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms
>in Kerberos'
>as a Best Current Practice
&
I hate to be raising last call issues with my own document but such is
life.
1) Jim Schaad reports that our ASN.1 module is missing an import
statement.
2) Shortly after Jeff submitted the publication request, Tom Yu found
some problems with the assigned numbers in the IANA pre-authentication
r
Dear ietf@ietf.org,
Is it too late for me to submit comments for this draft?
Regards.
/thomas/
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Folks, it appears the IESG made an error in approving this charter.
In particular, while we requested that the charter go out for external
review and community comment, that appears to have never happened.
The IESG is figuring out how we want to move forward. The obvious approach is
to withdraw
Narayanan, Vidya wrote:
>
>So, I assume that the issue with using 802.11i/WPA2 would be that it
>requires an upgrade of APs? If EAPoUDP (as being discussed without any
>keys for data traffic protection) were to be used, you would still have
>to perform the MAC address-based access control to provi
merely reduces it to a posture transport
> > Narayanan,> protocol. The level of security provided by EAPoUDP
> > Narayanan,> does not seem to be any greater than a
> kerberos-based
> > Narayanan,> authentication done today in most
> enterprise networks,
>
ture transport
Narayanan,> protocol. The level of security provided by EAPoUDP
Narayanan,> does not seem to be any greater than a kerberos-based
Narayanan,> authentication done today in most enterprise networks,
Narayanan,> considering the presence of switched ethernet. H
e level of security provided by EAPoUDP
> Narayanan,> does not seem to be any greater than a kerberos-based
> Narayanan,> authentication done today in most enterprise networks,
> Narayanan,> considering the presence of switched ethernet. Hence,
> Narayanan,> the
ided by EAPoUDP
Narayanan,> does not seem to be any greater than a kerberos-based
Narayanan,> authentication done today in most enterprise networks,
Narayanan,> considering the presence of switched ethernet. Hence,
Narayanan,> the only reason to move to EAPoUDP would be t
The document [1] specify a mode of encryption that has not, to my
knowledge, been used anywhere else: CBC-CTS with IV-carry. The
document does not reference any standard work that define it, so it
appears the document authors are not aware of prior use of it either.
There is no analysis of the sec
ge I'm putting together about AFS
and Windows/Linux coexistence.
It talks a bit about Kerberos and Active Directory.
- Dan
g.html
which is a page I'm putting together about AFS
and Windows/Linux coexistence.
It talks a bit about Kerberos and Active Directory.
Do also check http://www.daasi.de/staff/norbert/thesis/html/node9.html
which covers this topic a bit.
- Dan
Hello,
I meant to say c) I know that the Active Directory schema does not follow the X.400
schema strictly. Therefore, what are the deviations? instead of X.500 sorry...
Brian B.
hook into the undefined field in use in Microsoft's
implementation of Kerberos? Can I use MIT Kerberos with Active Directory instead?
e) What other protocols if any have I missed that I should take a look at?
f) How compliant is Microsoft's Kerberos/PKI implementations with PKCS standa
Aneuya wrote:
>HI,
>
>This query is regarding Kerberos V5.
>
>I want to know in case of WAN, what the flow of
>request starting from the client to the application
>server will be when it doesnt have the ticket for it ?
>Does client have to know the adrress of Kerberos
HI,
This query is regarding Kerberos V5.
I want to know in case of WAN, what the flow of
request starting from the client to the application
server will be when it doesnt have the ticket for it ?
Does client have to know the adrress of Kerberos
server ?
Your help will be immensly appreciated
17 matches
Mail list logo