Re: [Ietf-krb-wg] Last Call: (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice

2012-03-24 Thread Sam Hartman
Hi. In the writeup I asked Stephen to include a note that there is a normative downreference to RFC 4757. RFC 4757 is informational. This document recommends that implementations not implement some of the algorithms in RFC 4757, thus creating a normative down-ref. My opinion and that of the WG is

Re: Last Call: (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice

2012-03-22 Thread Joel jaeggli
On 3/22/12 08:26 , The IESG wrote: > > The IESG has received a request from the Kerberos WG (krb-wg) to consider > the following document: > - 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms >in Kerberos' >as a Best Current Practice &

Re: Last Call: draft-ietf-krb-wg-preauth-framework (A Generalized Framework for Kerberos Pre-Authentication) to Proposed Standard

2009-12-10 Thread Sam Hartman
I hate to be raising last call issues with my own document but such is life. 1) Jim Schaad reports that our ASN.1 module is missing an import statement. 2) Shortly after Jeff submitted the publication request, Tom Yu found some problems with the assigned numbers in the IANA pre-authentication r

RE: Last Call: draft-ietf-krb-wg-cross-problem-statement (Problem statement on the cross-realm operation of Kerberos) to Informational RFC

2009-09-08 Thread Thomas Hardjono
Dear ietf@ietf.org, Is it too late for me to submit comments for this draft? Regards. /thomas/ ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf

Re: WG Action: RECHARTER: Kerberos (krb-wg)

2007-07-23 Thread Sam Hartman
Folks, it appears the IESG made an error in approving this charter. In particular, while we requested that the charter go out for external review and community comment, that appears to have never happened. The IESG is figuring out how we want to move forward. The obvious approach is to withdraw

Re: Kerberos

2006-05-26 Thread Jari Arkko
Narayanan, Vidya wrote: > >So, I assume that the issue with using 802.11i/WPA2 would be that it >requires an upgrade of APs? If EAPoUDP (as being discussed without any >keys for data traffic protection) were to be used, you would still have >to perform the MAC address-based access control to provi

RE: Kerberos

2006-05-26 Thread Narayanan, Vidya
merely reduces it to a posture transport > > Narayanan,> protocol. The level of security provided by EAPoUDP > > Narayanan,> does not seem to be any greater than a > kerberos-based > > Narayanan,> authentication done today in most > enterprise networks, >

Re: Kerberos

2006-05-26 Thread Jeffrey Hutzelman
ture transport Narayanan,> protocol. The level of security provided by EAPoUDP Narayanan,> does not seem to be any greater than a kerberos-based Narayanan,> authentication done today in most enterprise networks, Narayanan,> considering the presence of switched ethernet. H

RE: Kerberos

2006-05-26 Thread Narayanan, Vidya
e level of security provided by EAPoUDP > Narayanan,> does not seem to be any greater than a kerberos-based > Narayanan,> authentication done today in most enterprise networks, > Narayanan,> considering the presence of switched ethernet. Hence, > Narayanan,> the

Kerberos

2006-05-26 Thread Sam Hartman
ided by EAPoUDP Narayanan,> does not seem to be any greater than a kerberos-based Narayanan,> authentication done today in most enterprise networks, Narayanan,> considering the presence of switched ethernet. Hence, Narayanan,> the only reason to move to EAPoUDP would be t

[Ietf] Last call comment on 'AES Encryption for Kerberos 5'

2004-04-29 Thread Simon Josefsson
The document [1] specify a mode of encryption that has not, to my knowledge, been used anywhere else: CBC-CTS with IV-carry. The document does not reference any standard work that define it, so it appears the document authors are not aware of prior use of it either. There is no analysis of the sec

re: Active Directory and DNS/Kerberos/LDAP/PKCS/X.500

2002-10-28 Thread Dan Kegel
ge I'm putting together about AFS and Windows/Linux coexistence. It talks a bit about Kerberos and Active Directory. - Dan

Re: Active Directory and DNS/Kerberos/LDAP/PKCS/X.500

2002-10-27 Thread Dan Kegel
g.html which is a page I'm putting together about AFS and Windows/Linux coexistence. It talks a bit about Kerberos and Active Directory. Do also check http://www.daasi.de/staff/norbert/thesis/html/node9.html which covers this topic a bit. - Dan

Active Directory and DNS/Kerberos/LDAP/PKCS/X.500

2002-10-23 Thread Brian Bisaillon
Hello, I meant to say c) I know that the Active Directory schema does not follow the X.400 schema strictly. Therefore, what are the deviations? instead of X.500 sorry... Brian B.

Active Directory and DNS/Kerberos/LDAP/PKCS/X.500

2002-10-23 Thread Brian Bisaillon
hook into the undefined field in use in Microsoft's implementation of Kerberos? Can I use MIT Kerberos with Active Directory instead? e) What other protocols if any have I missed that I should take a look at? f) How compliant is Microsoft's Kerberos/PKI implementations with PKCS standa

Re: Kerberos Query.

2001-12-06 Thread Leif Johansson
Aneuya wrote: >HI, > >This query is regarding Kerberos V5. > >I want to know in case of WAN, what the flow of >request starting from the client to the application >server will be when it doesnt have the ticket for it ? >Does client have to know the adrress of Kerberos

Kerberos Query.

2001-12-05 Thread Aneuya
HI, This query is regarding Kerberos V5. I want to know in case of WAN, what the flow of request starting from the client to the application server will be when it doesnt have the ticket for it ? Does client have to know the adrress of Kerberos server ? Your help will be immensly appreciated