[1861] in Kerberos
Revision 5 of the Kerberos Version 5 Protocol Specification
daemon@ATHENA.MIT.EDU (Clifford Neuman)
Sat Apr 18 16:12:47 1992
Date: Sat, 18 Apr 92 12:30:38 PDT
From: bcn@ISI.EDU (Clifford Neuman)
To: krb-protocol@MIT.EDU, kerberos@MIT.EDU
At long last Revision 5 of the Version 5 Kerberos spec is available
from athena-dist.mit.edu in pub/Kerberos/doc as files V5REV5-ID.PS
and V5REV5-ID.TXT.
At this point, we expect that the protocol is fixed. There have been
a few changes since version 4 including the use of officially assigned
UDP port 88 (decimal) instead of 750, the use of MD5 checksum to augment the
integrity of the DES CBC encryption mode instead of CRC, and the
addition of several new checksum methods and changes to existing ones
for KRB_SAFE. A name type field has also been added and guidelines
included for the use of principal names.
We plan to release this specification as an Internet draft and
possibly later as an Internet RFC. There is work proceeding on the
development of a hybrid Internet Authentication System (IAS) that will
combine features of Kerberos with those of public key based systems
such as Digital Equipment Corporation's DASS. Although work on IAS is
ongoing, it is not yet on a strict timetable. Readers are encouraged
not to delay their plans for cryptographically based network security.
Applications which make use of this version of Kerberos will in all
likelihood not require major modification to interoperate with the IAS
when it is completed.
~ Cliff
