--- 1/draft-ietf-tls-kerb-cipher-suites-03.txt	2006-02-05 02:00:58.000000000 +0100
+++ 2/draft-ietf-tls-kerb-cipher-suites-04.txt	2006-02-05 02:00:58.000000000 +0100
@@ -1,35 +1,42 @@
 INTERNET-DRAFT                                        Ari Medvinsky
-Transport Layer Security Working Group                  Matthew Hur
-draft-ietf-tls-kerb-cipher-suites-03.txt      CyberSafe Corporation
-September 18, 1998 (Expires March 18, 1999)
+Transport Layer Security Working Group                       Excite
+draft-ietf-tls-kerb-cipher-suites-04.txt                Matthew Hur
+August 21, 1999 (Expires January 22, 2000)    CyberSafe Corporation
 
 Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)
 
 0. Status Of this Memo
 
-This document is an Internet-Draft.  Internet-Drafts are working
-documents of the Internet Engineering Task Force (IETF), its
-areas, and its working groups.  Note that other groups may also
-distribute working documents as Internet-Drafts.
+This document is an Internet-Draft and is in full conformance with
+all provisions of section 10 of RFC 2026.  Internet-Drafts are
+working documents of the Internet Engineering Task Force (IETF),
+its areas, and its working groups.  Note that other groups may
+also distribute working documents as Internet-Drafts.
 
 Internet-Drafts are draft documents valid for a maximum of six
 months and may be updated, replaced, or obsoleted by other
 documents at any time.  It is inappropriate to use Internet-
 Drafts as reference material or to cite them other than as
 ``work in progress.''
 
+The list of current Internet-Drafts can be accessed at
+http://www.ietf.org/ietf/1id-abstracts.txt
+
+The list of Internet-Draft Shadow Directories can be accessed at
+http://www.ietf.org/shadow.html.
+
 To learn the current status of any Internet-Draft, please check
 the ``1id-abstracts.txt'' listing contained in the Internet-
 Drafts Shadow Directories on ftp.is.co.za (Africa),
 nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
-ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
+ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast).
 
 1. Abstract
 
 This document proposes the addition of new cipher suites to the TLS
 protocol [1] to support Kerberos-based authentication.  Kerberos
 credentials are used to achieve mutual authentication and to establish
 a master secret which is subsequently used to secure client-server
 communication.
 
 2. Introduction
@@ -183,35 +190,54 @@
        concerned about the protection domain on a particular machine.
      - "MachineName" is the particular instance of the service.
      - The Kerberos "Realm" is the domain name of the machine.
 
 5. Summary
 
 The proposed Kerberos authentication option is added in exactly the
 same manner as a new public key algorithm would be added to TLS.
 Furthermore, it establishes the master secret in exactly the same manner.
 
-6. Acknowledgements
+6. Security Considerations
+
+Kerberos ciphersuites are subject to the same security considerations as
+the TLS protocol.  In addition, just as a public key implementation must
+take care to protect the private key (for example the PIN for a
+smartcard), a Kerberos implementation must take care to protect the long
+lived secret that is shared between the principal and the KDC.  In
+particular, a weak password may be subject to a dictionary attack.  In
+order to strengthen the initial authentication to a KDC, an implementor
+may choose to utilize secondary authentication via a token card, or one
+may utilize initial authentication to the KDC based on public key
+cryptography (commonly known as PKINIT - a product of the Common
+Authentication Technology working group of the IETF).
+
+7. Acknowledgements
 
 We would like to thank Clifford Neuman for his invaluable comments on
 earlier versions of this document.
 
-7. References
+8. References
 
 [1] T. Dierks, C. Allen.
-The TLS Protocol, Version 1.0 - IETF Draft.
+The TLS Protocol, Version 1.0 - RFC 2246.
 
 [2] J. Kohl and C. Neuman
 The Kerberos Network Authentication Service (V5) RFC 1510.
 
 Authors' Addresses
 
-Ari Medvinsky <arim@cybersafe.com>
-Matthew Hur   <matth@cybersafe.com>
+    Ari Medvinsky
+    Excite
+    555 Broadway
+    Redwood City, CA 94063
+    Phone +1 650 569 2119
+    E-mail: amedvins@excitecorp.com
+    http://www.excite.com
 
+    Matthew Hur
 CyberSafe Corporation
-1605 NW Sammamish Raod
-Suite 310
-Issaquah, WA 98027-5378
-Phone: (206) 391-6000
-Fax:   (206) 391-0508
+    1605 NW Sammamish Road
+    Issaquah WA 98027-5378
+    Phone: +1 425 391 6000
+    E-mail: matt.hur@cybersafe.com
 http://www.cybersafe.com