i***@ietf.org
2018-08-21 20:46:42 UTC
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Common Authentication Technology Next Generation WG of the IETF.
Title : SPAKE Pre-Authentication
Authors : Nathaniel McCallum
Simo Sorce
Robbie Harwood
Greg Hudson
Filename : draft-ietf-kitten-krb-spake-preauth-06.txt
Pages : 35
Date : 2018-08-21
Abstract:
This document defines a new pre-authentication mechanism for the
Kerberos protocol that uses a password authenticated key exchange.
This document has three goals. First, increase the security of
Kerberos pre-authentication exchanges by making offline brute-force
attacks infeasible. Second, enable the use of second factor
authentication without relying on FAST. This is achieved using the
existing trust relationship established by the shared first factor.
Third, make Kerberos pre-authentication more resilient against time
synchronization errors by removing the need to transfer an encrypted
timestamp from the client.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-kitten-krb-spake-preauth-06
https://datatracker.ietf.org/doc/html/draft-ietf-kitten-krb-spake-preauth-06
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-kitten-krb-spake-preauth-06
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This draft is a work item of the Common Authentication Technology Next Generation WG of the IETF.
Title : SPAKE Pre-Authentication
Authors : Nathaniel McCallum
Simo Sorce
Robbie Harwood
Greg Hudson
Filename : draft-ietf-kitten-krb-spake-preauth-06.txt
Pages : 35
Date : 2018-08-21
Abstract:
This document defines a new pre-authentication mechanism for the
Kerberos protocol that uses a password authenticated key exchange.
This document has three goals. First, increase the security of
Kerberos pre-authentication exchanges by making offline brute-force
attacks infeasible. Second, enable the use of second factor
authentication without relying on FAST. This is achieved using the
existing trust relationship established by the shared first factor.
Third, make Kerberos pre-authentication more resilient against time
synchronization errors by removing the need to transfer an encrypted
timestamp from the client.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-kitten-krb-spake-preauth-06
https://datatracker.ietf.org/doc/html/draft-ietf-kitten-krb-spake-preauth-06
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-kitten-krb-spake-preauth-06
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/