draft-ietf-krb-wg-gssapi-cfx-01.txt [plain text]
<Kerberos Working Group> Larry Zhu
Internet Draft Karthik Jaganathan
Updates: 1964 Microsoft
Category: Standards Track Sam Hartman
draft-ietf-krb-wg-gssapi-cfx-01.txt MIT
August 29, 2003
Expires: February 29, 2004
The Kerberos Version 5 GSS-API Mechanism: Version 2
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of [RFC-2026].
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts. Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet- Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
1. Abstract
[RFC-1964] defines protocols, procedures, and conventions to be
employed by peers implementing the Generic Security Service
Application Program Interface (as specified in [RFC-2743]) when
using the Kerberos Version 5 mechanism (as specified in [KRBCLAR]).
This memo obsoletes [RFC-1964] and proposes changes in response to
recent developments such as the introduction of Kerberos crypto
framework. It is intended that this memo or a subsequent version
will become the Kerberos Version 5 GSS-API mechanism specification
on the standards track.
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119].
3. Introduction
[KCRYPTO] defines a generic framework for describing encryption and
checksum types to be used with the Kerberos protocol and associated
protocols.
Zhu Standards Trace - February 16, 2003 1
Kerberos Version 5 GSS-API August 2003
[RFC-1964] describes the GSSAPI mechanism for Kerberos V5. It
defines the format of context initiation, per-message and context
deletion tokens and uses algorithm identifiers for each cryptosystem
in per message and context deletion tokens.
The approach taken in this document obviates the need for algorithm
identifiers. This is accomplished by using the same encryption and
checksum algorithms specified by the crypto profile [KCRYPTO] for
the session key or subkey that is created during context
negotiation. Message layouts of the per-message and context
deletion tokens are therefore revised to remove algorithm indicators
and also to add extra information to support the generic crypto
framework [KCRYPTO].
Tokens transferred between GSS-API peers for security context
initiation are also described in this document. The data elements
exchanged between a GSS-API endpoint implementation and the Kerberos
KDC are not specific to GSS-API usage and are therefore defined
within [KRBCLAR] rather than within this specification.
The new token formats specified in this memo MUST be used with all
"newer" encryption types [KRBCLAR] and MAY be used with "older"
encryption types, provided that the initiator and acceptor know,
from the context establishment, that they can both process these new
token formats.
"Newer" encryption types are those which have been specified along
with or since the new Kerberos cryptosystem specification [KCRYPTO]
[KRBCLAR].
Note that in this document, "AES" is used for brevity to refer
loosely to either aes128-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96
as defined in [AES-KRB5]. AES is used as an example of the new
method defined in this document.
4. Key Derivation for Per-Message and Context Deletion Tokens
To limit the exposure of a given key, [KCRYPTO] adopted "one-way"
"entropy-preserving" derived keys, for different purposes or key
usages, from a base key or protocol key. This document defines four
key usage values below for signing and sealing messages:
Name value
-------------------------------------
KG-USAGE-ACCEPTOR-SEAL 22
KG-USAGE-ACCEPTOR-SIGN 23
KG-USAGE-INITIATOR-SEAL 24
KG-USAGE-INITIATOR-SIGN 25
When the sender is the context acceptor, KG-USAGE-ACCEPTOR-SIGN is
used as the usage number in the key derivation function for deriving
keys to be used in MIC and context deletion tokens, and KG-USAGE-
ACCEPTOR-SEAL is used for Wrap tokens; similarly when the sender is
the context initiator, KG-USAGE-INITIATOR-SIGN is used as the usage
Zhu Standards Track - February 16, 2004 2
Kerberos Version 5 GSS-API August 2003
number in the key derivation function for MIC and context deletion
tokens, KG-USAGE-INITIATOR-SEAL is used for Wrap Tokens. Even if
the Wrap token does not provide for confidentiality the same usage
values specified above are used.
5. Quality of Protection
The GSSAPI specification [RFC-2743] provides for Quality of
Protection (QOP) values that can be used by the application to
request a certain type of encryption or signing. A zero QOP value
is used to indicate the "default" protection; applications which use
the default QOP are not guaranteed to be portable across
implementations or even inter-operate with different deployment
configurations of the same implementation. Using an algorithm that
is different from the one for which the key is defined may not be
appropriate. Therefore, when the new method in this document is
used, the QOP value is ignored.
The encryption and checksum algorithms in per-message and context
deletion tokens are now implicitly defined by the algorithms
associated with the session key or subkey. Algorithms identifiers
as described in [RFC-1964] are therefore no longer needed and
removed from the new token headers.
6. Token Framing
Per [RFC-2743], all tokens emitted by the Kerberos V5 GSS-API
mechanism will have the framing shown below:
GSS-API DEFINITIONS ::=
BEGIN
MechType ::= OBJECT IDENTIFIER
-- representing Kerberos V5 mechanism
GSSAPI-Token ::=
-- option indication (delegation, etc.) indicated within
-- mechanism-specific token
[APPLICATION 0] IMPLICIT SEQUENCE {
thisMech MechType,
innerToken ANY DEFINED BY thisMech
-- contents mechanism-specific
-- ASN.1 structure not required
}
END
The innerToken field always starts with a two byte token-identifier
(TOK_ID). Here are the TOK_ID values:
Token TOK_ID Value in hex
-------------------------------------------
KRB_AP_REQUEST 01 00
KRB_AP_REQPLY 02 00
Zhu Standards Track - February 16, 2004 3
Kerberos Version 5 GSS-API August 2003
KRB_ERROR 03 00
[RFC-1964] MIC 01 01
[RFC-1964] Wrap 01 02
[RFC-1964] context deletion 02 01
MIC 04 04
Wrap 04 05
context deletion 05 04
7. Context Initialization Tokens
For context initialization tokens, the body for the innerToken field
contains a Kerberos V5 message (KRB_AP_REQUEST, KRB_AP_REPLY, or
KRB_ERROR) as defined in [KRBCLAR].
7.1. Authenticator Checksum
The authenticator in the KRB_AP_REQ message MUST include the
optional sequence number and the checksum field. The checksum field
is used to convey service flags, channel binding, and optional
delegation information. It MUST have a type of 0x8003. The length
of the checksum MUST be 24 bytes when delegation is not used. When
delegation is used, a TGT with its FORWARDABLE flag set will be
transferred within the KRB_CRED [KRBCLAR] message.
The format of the authenticator checksum field is as follows.
Byte Name Description
-----------------------------------------------------------------
0..3 Lgth Number of bytes in Bnd field;
Currently contains hex 10 00 00 00
(16, represented in little-endian form)
4..19 Bnd MD5 hash of channel bindings, taken over all
non-null components of bindings, in order
of declaration. Integer fields within channel
bindings are represented in little-endian order
for the purposes of the MD5 calculation.
20..23 Flags Bit vector of context-establishment flags,
as defined next. The resulting bit vector is
encoded into bytes 20..23 in little-endian form.
24..25 DlgOpt The Delegation Option identifier (=1) [optional]
26..27 Dlgth The length of the Deleg field [optional]
28..n Deleg A KRB_CRED message (n = Dlgth + 29) [optional]
[we need to get input on how to allow additional data for
extensions. Nicolas will post some text for this. If that is the
case, do we need to change the checksum type?]
7.1.1. Flags Field
The checksum flags are used to convey service options or extension
negotiation information. The bits in the Flags field are allocated
as follows (Most significant bit is bit 0):
Zhu Standards Track - February 16, 2004 4
Kerberos Version 5 GSS-API August 2003
Bit Name Description
----------------------------------------------------
0..11 Mandatory Critical extension flags
12..15 Optional Non-critical extension flags
16..31 Standard Context establishment flags
An extension or context establishment flag can either be critical or
non-critical. When the context initiator desires a particular
extension or context establishment flag (either critical or non-
critical) it sets the appropriate checksum flag. The context
acceptor MUST ignore unsupported non-critical extensions or flags in
the initiator's context token (i.e., acceptors MUST NOT return an
error just because there were unsupported non-critical extensions or
flags in the initiator's token). The acceptor MUST return
GSS_S_UNAVAILABLE [RFC-2743] if there are unsupported critical
extensions or flags in the initiator's context token.
The following context establishment flags are defined in [RFC-2744]
Flag Name Value
---------------------------------
GSS_C_DELEG_FLAG 1
GSS_C_MUTUAL_FLAG 2
GSS_C_REPLAY_FLAG 4
GSS_C_SEQUENCE_FLAG 8
GSS_C_CONF_FLAG 16
GSS_C_INTEG_FLAG 32
GSS_C_ANON_FLAG 64
Context establishment flags are exposed to the calling application.
If the calling application desires a particular service option then
it requests that option via GSS_Init_sec_context(). An
implementation that supports a particular extension SHOULD then set
the appropriate flag in the checksum Flags field.
All existing context establishment flags are non-critical, and it is
possible that a new context establishment flag can be added as a
critical flag.
7.1.2. Channel Binding Information
In computing the contents of the "Bnd" field, the following detailed
points apply:
(1) Each integer field shall be formatted into four bytes, using
little-endian byte ordering, for purposes of MD5 hash computation.
(2) All input length fields within gss_buffer_desc [RFC-2744]
elements of a gss_channel_bindings_struct [RFC-2744], even those
which are zero-valued, shall be included in the hash calculation;
the value elements of gss_buffer_desc elements shall be
dereferenced, and the resulting data shall be included within the
hash computation, only for the case of gss_buffer_desc elements
having non-zero length specifiers.
Zhu Standards Track - February 16, 2004 5
Kerberos Version 5 GSS-API August 2003
(3) If the caller passes the value GSS_C_NO_BINDINGS instead of a
valid channel bindings structure, the Bnd field shall be set to 16
zero-valued bytes.
[Nicolas suggested that the only change that might be needed here
was the use of SHA1 instead of MD5]
8. Per-Message and Context Deletion Tokens
The new per-message and context deletion token formats defined in
this document are designed to accommodate the requirements of newer
crypto systems. The token layouts have also been designed to
facilitate scatter-gather and in-place encryption without incurring
significant performance penalties for implementations that do not
allow for either scatter-gather or in-place encryption.
The design along with the rationale behind it is discussed in detail
in the following sections.
8.1. Sequence Number and Direction Indicator
The sequence number for any per-message or context deletion token is
a 64 bit integer (expressed in big endian order). One separate flag
is used as the direction-indicator as described in section 8.2.
Both the sequence number and the direction-indicator are protected
by the encryption and checksum procedures as specified in section
8.4.
8.2. Flags Field
The Flags field is a one-byte bit vector used to indicate a set of
attributes. The meanings of the flags are:
Bit Name Description
---------------------------------------------------------------
0 SentByAcceptor When set, this flag indicates the sender
is the context acceptor. When not set,
it indicates the sender is the context
initiator.
1 Sealed When set in Wrap tokens, this flag
indicates confidentiality is provided
for. It MUST not be set in MIC and
context deletion tokens.
The rest of available bits are reserved for future use.
8.3. EC Field
The EC (Extra Count) field is a two-byte integer field expressed in
big endian order.
Zhu Standards Track - February 16, 2004 6
Kerberos Version 5 GSS-API August 2003
In Wrap tokens with confidentiality, the EC field is used to encode
the size (in bytes) of the random filler, as described in section
8.4.
In Wrap tokens without confidentiality, the EC field is used to
encode the size (in bytes) of the trailing checksum, as described in
section 8.4.
When AES is used, the EC field contains the hex value 00 0C in Wrap
tokens without confidentiality, and 00 00 in Wrap tokens with
confidentiality.
8.4. Encryption and Checksum Operations
The encryption algorithms defined by the crypto profiles provide for
integrity protection. Therefore no separate checksum is needed.
The result of decryption can be longer than the original plaintext
[KCRYPTO] and the extra trailing bytes are called "crypto-system
garbage". However, given the size of any plaintext data, one can
always find the next (possibly larger) size so that, when padding
the to-be-encrypted text to that size, there will be no crypto-
system garbage added [KCRYPTO].
In Wrap tokens that provide for confidentiality, the "header" (the
first 16 bytes of the Wrap token) is appended to the plaintext data
before encryption. Random filler is inserted between the plaintext-
data and the "header", and there SHALL NOT be crypto-system garbage
added by the decryption operation. The resulting Wrap token is
{"header" | encrypt(plaintext-data | random-filler | "header")},
where encrypt() is the encryption operation (which provides for
integrity protection) defined in the crypto profile [KCRYPTO].
[A note from the design team (Sam, Nicolas, Ken, JK and Larry):
constraints need to be added to kcrypto to keep the header at the
end of the decrypted data. Without these constraints, we might have
the header pre-pended to the front of the data and encode an 8 byte
length for the plaintext data, which is less efficient.
Constraints to be added: Given the length of any plaintext data,
there should always exist the next (possibly larger) size for which,
when padding the to-be-encrypted data to that size, there will be no
cryptosystem garbage added, and the number of bytes needed to pad to
the next size is no larger than 64K. This is a small addition to
kcrypto and we will bring it up at the IETF last call for kcrypto]
In Wrap tokens that do not provide for confidentiality, the checksum
is calculated over the plaintext data concatenated with the token
header (the first 16 bytes of the Wrap token). The resulting Wrap
token is {"header" | plaintext-data | get_mic(plaintext-data |
"header")}, where get_mic() is the checksum operation defined in
the crypto profile [KCRYPTO].
Zhu Standards Track - February 16, 2004 7
Kerberos Version 5 GSS-API August 2003
The parameters for the key and the cipher-state in the encrypt() and
get_mic() operations have been omitted for brevity.
The resulting Wrap tokens bind the data to the token header,
including the sequence number and the directional indicator.
[With AEAD, Wrap tokens with confidentiality do not need to encrypt
the header and the overhead can be reduced slightly]
For MIC tokens, the checksum is first calculated over the token
header (the first 16 bytes of the MIC token) and then the to-be-
signed plaintext data.
For context deletion tokens, the checksum is calculated over the
token header (the first 16 bytes of the context deletion token).
When AES is used, the checksum algorithm is HMAC_SHA1_96 and the
checksum size is 12 bytes. Data is pre-pended with a 16 byte
confounder before encryption, and no padding is needed.
8.5. RRC Field
The RRC (Right Rotation Count) field in Wrap tokens is added to
allow the data to be encrypted in-place by existing [SSPI]
applications that do not provide an additional buffer for the
trailer (the cipher text after the in-place-encrypted data) in
addition to the buffer for the header (the cipher text before the
in-place-encrypted data). The resulting Wrap token in the previous
section, excluding the first 16 bytes of the token header, is
rotated to the right by "RRC" bytes. The net result is that "RRC"
bytes of trailing octets are moved toward the header. Consider the
following as an example of this rotation operation: Assume that the
RRC value is 3 and the token before the rotation is {"header" | aa |
bb | cc | dd | ee | ff | gg | hh}, the token after rotation would be
{"header" | ff | gg | hh | aa | bb | cc | dd | ee }, where {aa | bb
| cc |...| hh} is used to indicate the byte sequence.
The RRC field is expressed as a two-byte integer in big endian
order.
The rotation count value is chosen by the sender based on
implementation details, and the receiver MUST be able to interpret
all possible rotation count values.
8.6. Message Layout for Per-message and Context Deletion Tokens
The new message layouts are as follows.
MIC Token:
Byte no Name Description
0..1 TOK_ID Identification field.
Tokens emitted by GSS_GetMIC()
contain the hex value 04 04 in
Zhu Standards Track - February 16, 2004 8
Kerberos Version 5 GSS-API August 2003
this field.
2 Flags Attributes field, as described in
Section 8.2.
3..7 Filler Contains 5 bytes of hex value FF.
8..15 SND_SEQ Sequence number field in
cleartext, in big endian order.
16..last SGN_CKSUM Checksum of byte 0..15 and the
"to-be-signed" data, where the
checksum algorithm is defined by
the crypto profile for the
session key or subkey.
The Filler field is included in the checksum calculation for
simplicity. This is common to both MIC and context deletion token
checksum calculations.
Wrap Token:
Byte no Name Description
0..1 TOK_ID Identification field.
Tokens emitted by GSS_Wrap()
contain the hex value 05 04
in this field.
2 Flags Attributes field, as described in
Section 8.2.
3 Filler Contains the hex value FF.
4..5 EC Contains the "extra count" field,
in big endian order as described in
section 8.3.
6..7 RRC Contains the "right rotation
count" in big endian order, as
described in section 8.5.
8..15 SND_SEQ Sequence number field in
cleartext, in big endian order.
16..last Data Encrypted data or (plaintext data +
checksum), as described in section
8.4, where the encryption or
checksum algorithm is defined by
the crypto profile for the session
key or subkey.
Context Deletion Token:
Byte no Name Description
0..1 TOK_ID Identification field.
Tokens emitted by
GSS_Delete_sec_context() contain
the hex value 04 05 in this
field.
2 Flags Attributes field, as described in
Section 8.2.
Zhu Standards Track - February 16, 2004 9
Kerberos Version 5 GSS-API August 2003
3..7 Filler Contains 5 bytes of hex value FF.
8..15 SND_SEQ Sequence number field in
cleartext, in big endian order.
16..N SGN_CKSUM Checksum of byte 0..15, where the
checksum algorithm is defined by
the crypto profile for the
session key or subkey.
9. Parameter Definitions
This section defines parameter values used by the Kerberos V5 GSS-
API mechanism. It defines interface elements in support of
portability, and assumes use of C language bindings per [RFC-2744].
9.1. Minor Status Codes
This section recommends common symbolic names for minor_status
values to be returned by the Kerberos V5 GSS-API mechanism. Use of
these definitions will enable independent implementers to enhance
application portability across different implementations of the
mechanism defined in this specification. (In all cases,
implementations of GSS_Display_status() will enable callers to
convert minor_status indicators to text representations.) Each
implementation should make available, through include files or other
means, a facility to translate these symbolic names into the
concrete values which a particular GSS-API implementation uses to
represent the minor_status values specified in this section.
It is recognized that this list may grow over time, and that the
need for additional minor_status codes specific to particular
implementations may arise. It is recommended, however, that
implementations should return a minor_status value as defined on a
mechanism-wide basis within this section when that code is
accurately representative of reportable status rather than using a
separate, implementation-defined code.
9.1.1. Non-Kerberos-specific codes
GSS_KRB5_S_G_BAD_SERVICE_NAME
/* "No @ in SERVICE-NAME name string" */
GSS_KRB5_S_G_BAD_STRING_UID
/* "STRING-UID-NAME contains nondigits" */
GSS_KRB5_S_G_NOUSER
/* "UID does not resolve to username" */
GSS_KRB5_S_G_VALIDATE_FAILED
/* "Validation error" */
GSS_KRB5_S_G_BUFFER_ALLOC
/* "Couldn't allocate gss_buffer_t data" */
GSS_KRB5_S_G_BAD_MSG_CTX
/* "Message context invalid" */
GSS_KRB5_S_G_WRONG_SIZE
/* "Buffer is the wrong size" */
GSS_KRB5_S_G_BAD_USAGE
Zhu Standards Track - February 16, 2004 10
Kerberos Version 5 GSS-API August 2003
/* "Credential usage type is unknown" */
GSS_KRB5_S_G_UNKNOWN_QOP
/* "Unknown quality of protection specified" */
9.1.2. Kerberos-specific-codes
GSS_KRB5_S_KG_CCACHE_NOMATCH
/* "Principal in credential cache does not match desired
name" */
GSS_KRB5_S_KG_KEYTAB_NOMATCH
/* "No principal in keytab matches desired name" */
GSS_KRB5_S_KG_TGT_MISSING
/* "Credential cache has no TGT" */
GSS_KRB5_S_KG_NO_SUBKEY
/* "Authenticator has no subkey" */
GSS_KRB5_S_KG_CONTEXT_ESTABLISHED
/* "Context is already fully established" */
GSS_KRB5_S_KG_BAD_SIGN_TYPE
/* "Unknown signature type in token" */
GSS_KRB5_S_KG_BAD_LENGTH
/* "Invalid field length in token" */
GSS_KRB5_S_KG_CTX_INCOMPLETE
/* "Attempt to use incomplete security context" */
9.2. Buffer Sizes
All implementations of this specification shall be capable of
accepting buffers of at least 16K bytes as input to GSS_GetMIC(),
GSS_VerifyMIC(), and GSS_Wrap(), and shall be capable of accepting
the output_token generated by GSS_Wrap() for a 16K byte input buffer
as input to GSS_Unwrap(). Support for larger buffer sizes is
optional but recommended.
10. Backwards Compatibility Considerations
The new token formats defined in this document will only be
recognized by new implementations. To address this, implementations
can always use the explicit sign or seal algorithm in [GSSAPI-KRB5]
when the key type corresponds to "older" algorithms. An alternative
approach might be to retry sending the message with the sign or seal
algorithm explicitly defined as in [GSSAPI-KRB5]. However this
would require the use of a mechanism such as [RFC-2478] to securely
negotiate the algorithm or the use out of band mechanism to choose
appropriate algorithms. For this reason, it is RECOMMENDED that the
new token formats defined in this document can be used only if both
peers are known during context negotiation to support the new
mechanism (either because of the use of "new" enctypes or because of
the use of Kerberos V extensions).
11. Security Considerations
It is possible that the KDC returns a session-key type that is not
supported by the GSSAPI implementation (either on the client and the
server). In this case the implementation MUST not try to use the key
Zhu Standards Track - February 16, 2004 11
Kerberos Version 5 GSS-API August 2003
with a supported cryptosystem. This will ensure that no security
weaknesses arise due to the use of an inappropriate key with an
encryption algorithm.
In addition the security problem described in [3DES] arising from
the use of a service implementation with a GSSAPI mechanism
supporting only DES and a Kerberos mechanism supporting both DES and
Triple DES is actually a more generic one. It arises whenever the
GSSAPI implementation does not support a stronger cryptosystem
supported by the Kerberos mechanism. KDC administrators desiring to
limit the session key types to support interoperability with such
GSSAPI implementations should carefully weigh the reduction in
protection offered by such mechanisms against the benefits of
interoperability.
12. Acknowledgments
The authors wish to acknowledge the contributions from the following
individuals:
Ken Raeburn and Nicolas Willams corrected many of our errors in the
use of generic profiles and were instrumental in the creation of this
draft.
Sam Hartman and Ken Raeburn suggested the "floating trailer" idea.
Sam Hartman and Nicolas Williams recommended the replacing our
earlier key derivation function for directional keys with different
key usage numbers for each direction as well as retaining the
directional bit for maximum compatibility.
Paul Leach provided numerous suggestions and comments.
Scott Field, Richard Ward, Dan Simon also provided valuable inputs on
this draft.
13. References
13.1. Normative References
[RFC-2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996.
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[AES] National Institute of Standards and Technology, U.S.
Department of Commerce, "Advanced Encryption Standard", Federal
Information Processing Standards Publication 197, Washington, DC,
November 2001.
Zhu Standards Track - February 16, 2004 12
Kerberos Version 5 GSS-API August 2003
[AES-KRB5] Raeburn, K., "AES Encryption for Kerberos 5", draft-
raeburn-krb-rijndael-krb-05.txt, June 2003. Work in progress.
[3DES] Raeburn, K., "Triple-DES Support for the Kerberos 5 GSSAPI
Mechanism", draft-raeburn-gssapi-krb5-3des-XX.txt in the MIT
distribution, June 2000.
[RFC-2743] Linn, J., "Generic Security Service Application Program
Interface Version 2, Update 1", RFC 2743, January 2000.
[RFC-2744] Wray, J., "Generic Security Service API Version 2 : C-
bindings", RFC 2744, January 2000.
[RFC-1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
RFC 1964, June 1996.
[KCRYPTO] Raeburn, K., "Encryption and Checksum Specifications for
Kerberos 5", draft-ietf-krb-wg-crypto-05.txt, June, 2003. Work in
progress.
[KRBCLAR] Neuman, C., Kohl, J., Ts'o T., Yu T., Hartman, S.,
Raeburn, K., "The Kerveros Network Authentication Service (V5)",
draft-ietf-krb-wg-kerberos-clarifications-04.txt, February 2002.
Work in progress.
[RFC-2478] Baize, E., Pinkas D., "The Simple and Protected GSS-API
Negotiation Mechanism.", RFC 2478, December 1998.
13.2. Informative References
[SSPI] Leach, P., Security Service Provider Interface, MSDN, April
2003
14. Author's Address
Larry Zhu
One Microsoft Way
Redmond, WA 98052 - USA
EMail: LZhu@microsoft.com
Karthik Jaganathan
One Microsoft Way
Redmond, WA 98052 - USA
EMail: karthikj@microsoft.com
Sam Hartman
Massachusetts Institute of Technology
77 Massachusetts Avenue
Cambridge, MA 02139 - USA
Email: hartmans@MIT.EDU
Zhu Standards Track - February 16, 2004 13
Kerberos Version 5 GSS-API August 2003
Full Copyright Statement
"Copyright (C) The Internet Society (date). All Rights Reserved.
This document and translations of it may be copied and
furnished to others, and derivative works that comment on or
otherwise explain it or assist in its implementation may be
prepared, copied, published and distributed, in whole or in
part, without restriction of any kind, provided that the above
copyright notice and this paragraph are included on all such
copies and derivative works. However, this document itself may
not be modified in any way, such as by removing the copyright
notice or references to the Internet Society or other Internet
organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights
defined in the Internet Standards process must be followed, or
as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will
not be revoked by the Internet Society or its successors or
assigns.
Zhu Standards Track - February 16, 2004 14