Updating the GSSAPI-CFX draft: GSS Names in the Kerberos v5 mechanism
Liqiang(Larry) Zhu <lzhu <at> windows.microsoft.com>
2004-11-03 08:51:13 GMT
Late last year we set out to write a draft on the Kerberos V5 GSS-API
mechanism using AES and newer enctypes, and we wanted to make sure that
folks implementing this mechanism should not need to read RFC 1964. The
scope of the draft was well-defined, and we got our draft out fairly
Recently it came to my attention we did not accomplish our mission. More
specifically the existing document set (RFC 2743, RFC 2744,
clarifications, kcrypto, AES-ID) does not have sufficiently detailed
information for Kerberos specific GSS names.
I pulled in the relevant text from RFC 1964 and updated the references.
Sam and Jeff (Jhutz) reviewed the text; both of them agreed there were
no significant changes between this text and that of RFC1964. I asked
Martin to review the changes, but he was not able to comment and the
IETF61 is approaching.
I propose to add the text below as a new section and make this addition
within the authors' last 48 hours. It is understood that there must be
agreement from both the WG and the AD to make such change. Here I bring
up the text to the list and please review. I strongly believe myself
this is the right thing to do. I will speak with Russ about this at
Washington DC next week, if we have rough consensus on the text.
6. Name Types and Object Identifiers
This section discusses the name types which are passed as input to
the Kerberos Version 5 GSS-API mechanism's GSS_Import_name()
[RFC2743] call, and their associated identifier values. It defines