Release Meeting Minutes/2011-05-10

Will Fiveash, Thomas Hardjono, Sam Hartman, Greg Hudson, Zhanna Tsitkova, Tom Yu

Solaris

Will
Finished integrating 1.8.3. Big struggle. Not a complete merge. Might have to revisit code organization. Solaris and MIT a little closer now.

PKINIT

Greg
Hash agility? Two hard dependencies of PKINIT on SHA1. DH KDF for reply key. Agility draft uses NIST KDF. nonces?
Sam
Don't want same reply key each time you reuse DH public keys. Idea is to reduce number of crypto ops. [mutual auth in KDC]
Greg
[client & KDC nonces] One of Love's inputs is...
Sam
Whole ticket
Greg
Has implications for KDC side. Would have to split processing (authdata must be collected for creating the ticket).
Sam
[PKINIT precomputation attack]
Greg
PKINIT Otherinfo encoding
Sam
Gross hack to not emit tag in ASN.1 encoder.
Tom
Problems are in the decoder
Sam
Decoder not needed [it's a KDF input].

Tom will send mail to Tim Polk about KDF ambiguities in SP 800-56A.

Greg will propose solutions to the WG.

Other

Thomas
ISO 11770-2? Kerberos reinvented? Anyone heard of it? [No]
Sam
W3C. Identity in the browser. What advice to give application authors re acquiring credentials with password vs without password?
Thomas
Interop planning (next week)
Greg
Does IETF draft expiry mean anything now? [Camellia draft administrivia]