Kerberos (krb-wg)
-----------------

 Charter
 Last Modified: 2006-10-17

 Current Status: Active Working Group

 Chair(s):
     Jeffrey Hutzelman  <jhutz@cmu.edu>

 Security Area Director(s):
     Russ Housley  <housley@vigilsec.com>
     Sam Hartman  <hartmans-ietf@mit.edu>

 Security Area Advisor:
     Sam Hartman  <hartmans-ietf@mit.edu>

 Mailing Lists: 
     General Discussion: ietf-krb-wg@anl.gov
     To Subscribe:      majordomo@anl.gov
         In Body:       subscribe ietf-krb-wg your_email_address
     Archive:           ftp://ftp.ietf.org/ietf-mail-archive/krb-wg/

Description of Working Group:

Kerberos over the years has been ported to virtually every operating
system. There are at least two open source versions, with numerous
commercial versions based on these and other proprietary
implementations. Kerberos evolution has continued over the years, and
interoperability has been problematic.  A number of draft proposals
have been issued concerning aspects of new or extended functionality.

The group will strive to improve the interoperability of these
systems while improving security.

Specifically, the Working Group will:

* Clarify and amplify the Kerberos specification (RFC 1510) to make sure
  interoperability problems encountered in the past that occurred
  because of unclear specifications do not happen again.  The output of
  this process should be suitable for Draft Standard status.

* Select from existing proposals on new or extended functionality those
  that will add significant value while improving interoperability and
  security, and publish these as one or more Proposed Standards.

 Goals and Milestones:

   Done         First meeting 

   Done         Submit the Kerberos Extensions document to the IESG for 
                consideration as a Proposed Standard. 

   Done         Complete first draft of Pre-auth Framework 

   Done         Complete first draft of Extensions 

   Done         Submit K5-GSS-V2 document to IESG for consideration as a 
                Proposed Standard 

   Done         Last Call on OCSP for PKINIT 

   Done         Consensus on direction for Change/Set password 

   Done         PKINIT to IESG 

   Done         Enctype Negotiation to IESG 

   Done         Last Call on PKINIT ECC 

   Mar 2006       Review milestones 

   Mar 2006       Issues identified for Anonymous 

   Jun 2006       Major issues resolved on Extensions 

   Aug 2006       Last Call on Extensions 

   Aug 2006       Last Call on Referrals 

   Sep 2006       Last Call on Change/Set password 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jul 2001 Oct 2006   <draft-ietf-krb-wg-hw-auth-04.txt>
                Passwordless Initial Authentication to Kerberos by Hardware 
                Preauthentication 

May 2003 Jul 2006   <draft-ietf-krb-wg-kerberos-set-passwd-05.txt>
                Kerberos Set/Change Key/Password Protocol Version 2 

Feb 2004 Oct 2006   <draft-ietf-krb-wg-preauth-framework-04.txt>
                A Generalized Framework for Kerberos Pre-Authentication 

Jan 2005 Oct 2006   <draft-ietf-krb-wg-rfc1510ter-03.txt>
                The Kerberos Network Authentication Service (Version 5) 

Sep 2005 Sep 2006   <draft-zhu-pkinit-ecc-02.txt>
                ECC Support for PKINIT 

May 2006 Sep 2006   <draft-ietf-krb-wg-tcp-expansion-01.txt>
                Extended Kerberos Version 5 Key Distribution Center (KDC) 
                Exchanges Over TCP 

Jun 2006 Oct 2006   <draft-ietf-krb-wg-anon-02.txt>
                Anonymity Support for Kerberos 

Jun 2006 Oct 2006   <draft-ietf-krb-wg-naming-01.txt>
                Additional Kerberos Naming Constraints 

Jun 2006 Oct 2006   <draft-ietf-krb-wg-pkinit-alg-agility-01.txt>
                PK-INIT algorithm agility 

Nov 2006 Nov 2006   <draft-ietf-krb-wg-gss-cb-hash-agility-00.txt>
                Kerberos Version 5 GSS-API Channel Binding Hash Agility 

 Request For Comments:

  RFC   Stat      Published   Title
------- --------  ----------- ------------------------------------
RFC3962 Standard  Feb 2005    AES Encryption for Kerberos 5

RFC3961 Standard  Feb 2005    Encryption and Checksum Specifications for Kerberos 5

RFC4120 Standard  Jul 2005    The Kerberos Network Authentication Service (V5)

RFC4121 Standard  Jul 2005    The Kerberos Version 5 Generic Security Service
                              Application Program Interface (GSS-API) Mechanism:
                              Version 2

RFC4537 PS        Jun 2006    Kerberos Cryptosystem Negotiation Extension

RFC4557 PS        Jun 2006    Online Certificate Status Protocol (OCSP) Support for
                              Public Key Cryptography for Initial Authentication in
                              Kerberos (PKINIT)

RFC4556 PS        Jun 2006    Public Key Cryptography for Initial Authentication in
                              Kerberos (PKINIT)