GSSAPI-CFX Larry Zhu Microsoft Corporation IETF 58.


Goals
- Support cryptosystem framework
- Support AES enctypes in GSSAPI
- Backward compatible with existing apps
- Interoperability

Status of the draft
- Latest revision
  - draft-ietf-krb-wg-gssapi-cfx-03.txt
  - Submitted on 10/26/2003
- Design team: Ken Raeburn, Nicolas Williams, Sam Hartman, Karthik Jaganathan, Larry Zhu, Paul Leach et al.

Open issues in draft -03
- Generic token framing in per-message tokens (call for consensus)
- MUST vs SHOULD: acceptor-asserted-subkey (resolved)
- List of "not-newer" enctypes: name and values (resolved)

Questions and Comments

Kcrypto Enctypes
  des-cbc-crc
  des-cbc-md
  des-cbc-md
  [reserved] 4
  des3-cbc-md5 5
  [reserved] 6
  des3-cbc-sha1 7
  dsaWithSHA1-CmsOID 9 (pkinit)
  md5WithRSAEncryption-CmsOID 10 (pkinit)
  sha1WithRSAEncryption-CmsOID 11 (pkinit)
  rc2CBC-EnvOID 12 (pkinit)
  rsaEncryption-EnvOID 13 (pkinit from PKCS#1 v1.5)
  rsaES-OAEP-ENV-OID 14 (pkinit from PKCS#1 v2.0)
  des-ede3-cbc-Env-OID 15 (pkinit)
  des3-cbc-sha1-kd
  * aes128-cts-hmac-sha [KRB5-AES]
  * aes256-cts-hmac-sha [KRB5-AES]
  rc4-hmac 23 (Microsoft)

What is new (from 1964)
- Directional keys
- 64bit sequence numbers
- Generic token framing
- New token IDs
  - 0404 for MIC tokens, 0504 for Wrap tokens
- Direction indicator as a single flag bit
- "Extra Count"
- Right Rotation Count
- Empty context deletion tokens

What is new (cont'd)
- Acceptor asserted subkey
- Token ID assignment considerations
- Handling of unknown token IDs
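
The per-message token header that the two "What is new" slides describe can be parsed and sanity-checked as below. This is an added example, not code from the slides or the draft: it assumes the 16-octet header layout as later published in RFC 4121 (the RFC that came out of this draft), and the names `parse_cfx_header`, `CfxHeader` and `TokenError` are hypothetical.

```python
import struct
from dataclasses import dataclass

# Header layout as published in RFC 4121 (sections 4.2.6.1 and 4.2.6.2).
TOK_MIC, TOK_WRAP = 0x0404, 0x0504
SENT_BY_ACCEPTOR, SEALED, ACCEPTOR_SUBKEY = 0x01, 0x02, 0x04

class TokenError(ValueError):
    """Defective or unacceptable per-message token."""

@dataclass
class CfxHeader:
    kind: str
    sent_by_acceptor: bool
    sealed: bool
    acceptor_subkey: bool
    ec: int    # "Extra Count"; 0 for MIC tokens, which have no such field
    rrc: int   # Right Rotation Count; 0 for MIC tokens
    seq: int   # 64-bit sequence number

def parse_cfx_header(token: bytes, we_are_acceptor: bool) -> CfxHeader:
    if len(token) < 16:
        raise TokenError("token shorter than the 16-octet header")
    tok_id, flags = struct.unpack(">HB", token[:3])
    if tok_id == TOK_WRAP:
        filler_ok = token[3] == 0xFF
        ec, rrc = struct.unpack(">HH", token[4:8])
    elif tok_id == TOK_MIC:
        filler_ok = token[3:8] == b"\xff" * 5 and not flags & SEALED
        ec = rrc = 0
    else:
        # Unknown token IDs are rejected, never guessed at.
        raise TokenError(f"unknown token ID {tok_id:04x}")
    if not filler_ok:
        raise TokenError("bad filler octets or Sealed flag on a MIC token")
    sent_by_acceptor = bool(flags & SENT_BY_ACCEPTOR)
    if sent_by_acceptor == we_are_acceptor:
        # Direction bit says the token came from our own side: a reflection.
        raise TokenError("direction flag does not match the peer's role")
    (seq,) = struct.unpack(">Q", token[8:16])
    return CfxHeader("wrap" if tok_id == TOK_WRAP else "mic", sent_by_acceptor,
                     bool(flags & SEALED), bool(flags & ACCEPTOR_SUBKEY), ec, rrc, seq)

# Constructed sample: Wrap token header from the initiator, Sealed and
# AcceptorSubkey set, EC=0, RRC=28, sequence number 2**32 + 5, dummy payload.
SAMPLE_WRAP = bytes.fromhex("050406ff0000001c") + (2**32 + 5).to_bytes(8, "big") + b"\x00" * 32

if __name__ == "__main__":
    print(parse_cfx_header(SAMPLE_WRAP, we_are_acceptor=True))
```

These checks run before any cryptography; the header fields are only trustworthy once the token's checksum or decryption, which covers the header, has verified.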

Inherited from 1964
- Everything else, with minor improvements:
  - Delegation KRB_CRED MUST be encrypted in session key
  - Channel binding encoding clarified