draft-ietf-kitten-cammac-03.txt   draft-ietf-kitten-cammac-04.txt 
Internet Engineering Task Force S. Sorce, Ed. Internet Engineering Task Force S. Sorce
Internet-Draft Red Hat Internet-Draft Red Hat
Updates: 4120 (if approved) T. Yu, Ed. Updates: 4120 (if approved) T. Yu
Intended status: Standards Track T. Hardjono, Ed. Intended status: Standards Track MIT
Expires: December 27, 2015 MIT Kerberos Consortium Expires: May 4, 2016 November 1, 2015
June 25, 2015
Kerberos Authorization Data Container Authenticated by Multiple MACs Kerberos Authorization Data Container Authenticated by Multiple MACs
draft-ietf-kitten-cammac-03 draft-ietf-kitten-cammac-04
Abstract Abstract
This document specifies a Kerberos Authorization Data container that This document specifies a Kerberos Authorization Data container that
supersedes AD-KDC-ISSUED. It allows for multiple Message supersedes AD-KDC-ISSUED. It allows for multiple Message
Authentication Codes (MACs) or signatures to authenticate the Authentication Codes (MACs) or signatures to authenticate the
contained Authorization Data elements. The multiple MACs are needed contained Authorization Data elements. The multiple MACs are needed
to mitigate shortcomings in the existing AD-KDC-ISSUED container. to mitigate shortcomings in the existing AD-KDC-ISSUED container.
This document updates RFC 4120. This document updates RFC 4120.
skipping to change at page 1, line 37 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 27, 2015. This Internet-Draft will expire on May 4, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 9, line 10 skipping to change at page 9, line 10
communicate attributes related to the client. If an application communicate attributes related to the client. If an application
requires an authenticated binding between the service principal name requires an authenticated binding between the service principal name
and the CAMMAC or ticket contents, the KDC MUST include in the CAMMAC and the CAMMAC or ticket contents, the KDC MUST include in the CAMMAC
some authorization data element that names the service principal. some authorization data element that names the service principal.
9. Acknowledgements 9. Acknowledgements
Shawn Emery, Sam Hartman, Greg Hudson, Ben Kaduk, Barry Leiba, Meral Shawn Emery, Sam Hartman, Greg Hudson, Ben Kaduk, Barry Leiba, Meral
Shirazipour, Zhanna Tsitkov, Qin Wu, and Kai Zheng provided helpful Shirazipour, Zhanna Tsitkov, Qin Wu, and Kai Zheng provided helpful
technical and editorial feedback on earlier versions of this technical and editorial feedback on earlier versions of this
document. document. Thomas Hardjono helped with the initial editing to split
this document from a predecessor document that had a wider scope.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3961] Raeburn, K., "Encryption and Checksum Specifications for [RFC3961] Raeburn, K., "Encryption and Checksum Specifications for
Kerberos 5", RFC 3961, February 2005. Kerberos 5", RFC 3961, February 2005.
skipping to change at page 9, line 46 skipping to change at page 9, line 47
10.2. Informative References 10.2. Informative References
[MS-SFU] Microsoft, "[MS-SFU]: Kerberos Protocol Extensions: [MS-SFU] Microsoft, "[MS-SFU]: Kerberos Protocol Extensions:
Service for User and Constrained Delegation Protocol", Service for User and Constrained Delegation Protocol",
January 2013, January 2013,
<http://msdn.microsoft.com/en-us/library/cc246071.aspx>. <http://msdn.microsoft.com/en-us/library/cc246071.aspx>.
Authors' Addresses Authors' Addresses
Simo Sorce (editor) Simo Sorce
Red Hat Red Hat
Email: ssorce@redhat.com Email: ssorce@redhat.com
Tom Yu (editor) Tom Yu
MIT Kerberos Consortium MIT
Email: tlyu@mit.edu Email: tlyu@mit.edu
Thomas Hardjono (editor)
MIT Kerberos Consortium
Email: hardjono@mit.edu
 End of changes. 8 change blocks. 
11 lines changed or deleted 11 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/