[505] in Kerberos_Protocol

home help back first fref pref prev next nref lref last post

Re: Section 4 Kerberos Revisions for comment

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Sep 11 10:12:01 2000

Date: Mon, 11 Sep 2000 09:54:23 -0400
From: Nicolas Williams <Nicolas.Williams@ubsw.com>
To: Clifford Neuman <bcn@ISI.EDU>, ietf-krb-wg@anl.gov, krb-protocol@MIT.EDU
Message-Id: <20000911095421.E1030@sm2p1386swk.wdr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200009090046.RAA11067@cayman-islands.isi.edu>


Section 4 must only be a guideline. The language seems to assume only
secret keys. There should be an admonition not to have any protocols
which allow or require secret keys to be retrieved from the KDC.

Are you still accepting comments about the name canonicalisation stuff
from sections 2 and 3? I have seen it in action and would like to warn
you of its ill effects.

Nico
--


home help back first fref pref prev next nref lref last post