draft-ietf-krb-wg-kerberos-sam-02.txt   draft-ietf-krb-wg-kerberos-sam-03.txt 
INTERNET-DRAFT Ken Hornstein INTERNET-DRAFT Ken Hornstein
<draft-ietf-krb-wg-kerberos-sam-02.txt> Naval Research Laboratory <draft-ietf-krb-wg-kerberos-sam-03.txt> Naval Research Laboratory
Updates: RFC 1510 Ken Renard Updates: RFC 1510 Ken Renard
October 27, 2003 WareOnEarth July 15, 2004 WareOnEarth
Clifford Newman Clifford Newman
ISI ISI
Glen Zorn Glen Zorn
Cisco Systems Cisco Systems
Integrating Single-use Authentication Mechanisms with Kerberos Integrating Single-use Authentication Mechanisms with Kerberos
0. Status Of this Memo 0. Status Of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026. Internet-Drafts are working documents of of Section 10 of RFC2026. Internet-Drafts are working documents of
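Review bot: The author list carried over into -03 spells the third author "Clifford Newman", while the [RFC1510] entry in Section 9 of the same draft gives "Kohl and Neuman". The two spellings disagree; since the header is already being touched for the version and date bump, reconcile the name in one place or the other in this revision.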
skipping to change at page 1, line 33 skipping to change at page 1, line 34
reference material or to cite them other than as ``work in pro- reference material or to cite them other than as ``work in pro-
gress.'' gress.''
To learn the current status of any Internet-Draft, please check the To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Sha- ``1id-abstracts.txt'' listing contained in the Internet-Drafts Sha-
dow Directories on ds.internic.net (US East Coast), nic.nordu.net dow Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim). Rim).
The distribution of this memo is unlimited. It is filed as The distribution of this memo is unlimited. It is filed as
<draft-ietf-krb-wg-kerberos-sam-02.txt>, and expires April 27, <draft-ietf-krb-wg-kerberos-sam-03.txt>, and expires January 19,
2004. Please send comments to the authors. 2005. Please send comments to the authors.
1. Abstract 1. Abstract
This document defines extensions to the Kerberos protocol specifi- This document defines extensions to the Kerberos protocol specifi-
cation [RFC1510] which provide a method by which a variety of cation [RFC1510] which provide a method by which a variety of
single-use authentication mechanisms may be supported within the single-use authentication mechanisms may be supported within the
protocol. The method defined specifies a standard fashion in which protocol. The method defined specifies a standard fashion in which
the preauthentication data and error data fields in Kerberos mes- the preauthentication data and error data fields in Kerberos mes-
sages may be used to support single-use authentication mechanisms. sages may be used to support single-use authentication mechanisms.
2. Terminology 2. Terminology
skipping to change at page 13, line 14 skipping to change at page 13, line 14
cryptography, it is possible that legitimate users may be denied cryptography, it is possible that legitimate users may be denied
service. service.
An attacker in possession of the users encryption key (again, which An attacker in possession of the users encryption key (again, which
doesn't change from login to login) might be able to doesn't change from login to login) might be able to
generate/modify a SAM challenge and attach the appropriate check- generate/modify a SAM challenge and attach the appropriate check-
sum. This affects the security of both the send-encrypted-sad sum. This affects the security of both the send-encrypted-sad
option and the must-pk-encrypt-sad option. option and the must-pk-encrypt-sad option.
8. Expiration 8. Expiration
This Internet-Draft expires on April 27, 2004. This Internet-Draft expires on January 19, 2004.
9. References 9. References
[RFC1510] [RFC1510]
The Kerberos Network Authentication System; Kohl and Neuman; The Kerberos Network Authentication System; Kohl and Neuman;
September 1993. September 1993.
[RFC1760] [RFC1760]
The S/Key One-Time Password System; Haller; February 1995 The S/Key One-Time Password System; Haller; February 1995
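Review bot: The new Section 8 text reads "expires on January 19, 2004", which is earlier than the -03 date of July 15, 2004 and contradicts the Status section, where the same revision says it "expires January 19, 2005". Only the month and day appear to have been updated here; change the year to 2005 so both statements agree. While this section is open, the unchanged sentence above it has "the users encryption key", which should read "the user's encryption key".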
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/