Kerberos WG (krb-wg) TUESDAY, November 19 at 1415-1515 and 1545-1645 =============================================== CHAIR: Doug Engert AGENDA: Introduction Doug Engert - 5 min Agenda bashing, appointing a scribe "The Kerberos Network Authentication Service (V5)" hhttp://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-02.txt Cliff Neuman - 20 min Status: The Clarifications are in WG last call with the last call to end the day of the WG. (If you read nothing else, please read this document!) "Encryption and Checksum Specifications for Kerberos 5" http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-crypto-02.txt Ken Raeburn - 10 min Status: Should be ready for last call after meeting. "AES Encryption for Kerberos 5" http://www.ietf.org/internet-drafts/draft-raeburn-krb-rijndael-krb-02.txt Ken Raeburn - 10 min Status: Just submitted, Should be ready for last call after meeting. "Public Key Cryptography for Initial Authentication in Kerberos" http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-16.txt Matt Hur - 5 min Status: May need some changes based on recent comments on WG list, It could be ready for another WG last call. "Initial and Pass Through Authentication Using Kerberos V5 and GSS-API (IAKERB)" http://www.ietf.org/internet-drafts/draft-ietf-cat-iakerb-08.txt Glen Zorn - 5 min Status: Passed WG last call, and sent to IESG. Has stalled, Martin Rex expressed complaints to IESG. Jeff Shiller has said he would look at it. WG might want to recommend it be Experimental, as no one is implementing it as far as we know. "Kerberos Set/Change Password: Version 2 Sam Hartman - 5 min http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-set-passwd-06.txt Status: Passed WG last call last year, but has stalled. Based on comments by Sam Hartman, we may want to make additional changes. Should also be reviewed in light of Clarifications. "Extensions" See http://www.kerberos.us -> Clarifications. Coments on Extensions are at the end. Cliff Neuman and Sam Hartman - 30 min Status: Waiting for Clarifications before proceeding. "Krb5 EAP method" http: none Derek Atkins - 5 min Status: EAP is the Extensible Authentication Protocol used by PPP/RADIUS/et.al. Derek is working on a specification for how to use EAP to carry Kerberos authentication data and requests between a client station and "the network. "Passwordless Initial Authentication to Kerberos by Hardware Preauthentication" http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-hw-auth-02.txt Ken Hornstien - 5 min Status: This is Matt Crawford's draft. Ken said he would talk about it. "Integrating Single-use Authentication Mechanisms with Kerberos" http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-sam-01.txt Ken Hornstien - 5 min Status: New document. "Kerberos KDC LDAP Schema" http://www.ietf.org/internet-drafts/draft-skibbie-krb-kdc-ldap-schema-01.txt Donna Skibbie - 5 min Status: May be of interest to the WG. (I am listing the following drafts, and can discuss them if needed.) "Stringprep Profile for Kerberos UTF-8 Strings" http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-utf8-profile-00.txt "Public Key Cryptography for Cross-Realm Authentication in Kerberos" http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-cross-08.txt "Distributing Kerberos KDC and Realm Information with DNS" http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-krb-dns-locate-02.txt DESCRIPTION: The prime goal of the working group is to get Kerberos Clarifications to last call, as most of the other documents depend on this. The Crypto and AES are also needed to round out the suite of useable documents.