Update on Kerberos Extensibility - PowerPoint PPT Presentation

Feb 02, 2023 •318 likes •407 views

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61 Kerberos Extensibility Document Status Notational Conventions Future Plans 1 Document Status Updates from -00 Update I-D boilerplate

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61
Kerberos Extensibility • Document Status • Notational Conventions • Future Plans 1
Document Status Updates from -00 • Update I-D boilerplate • Drop information object notation (for now) • More text explaining ASN.1 usage • More KDC-REQ description • Tighten constraints on IA5 vs UTF8 strings 2
Document Status (cont’d) Updates from -01 • More complete • Text on extensibility/criticality (from Sam) • Typed holes can use RELATIVE-OID or integers • Language tags • Rough IANA considerations 3
Notational Conventions • Which convention for ASN.1 identifiers in text? • ASN.1 has lexically significant case • Possible confusion if identifiers not set off from text 4
Notational Conventions (cont’d) • RFC 1510 and Clarifications use C-styled ALL_CAPS • C-styled: #define KDC_ERR_PREAUTH_FAILED 24 • ASN.1-styled: kdc-err-preauth-failed ErrCode ::= 24 • ALL_CAPS vs "quoted" ? 5
Future Plans • What should the module look like? • Which IANA assignment policies? • Incorporate preauth framework? • Different document name? 6

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Extensibility in the Kerberos Protocol Sam Hartman Mekinok, Inc. IETF 52 Table of Contents

Extensibility in the Kerberos Protocol Sam Hartman Mekinok, Inc. IETF 52 Table of Contents Slide Title Slide# I. Why Extensibility? 4 Arguments for Extensibility 5 Protocol Requirements from Vendors 6 IETF Concerns About Vendor

234 views • 22 slides

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school Kerberos implementation based on V4 protocol. Client-server transport uses RX. Raw Kerberos binary ticket placed in credential cache

251 views • 11 slides

Kerberos Working Group Internationalization for Extensions Jeffrey Altman PAGE 1 Guiding

Kerberos Working Group Internationalization for Extensions Jeffrey Altman PAGE 1 Guiding Principles Use Unicode restricted as needed to provide interoperability and future extensibility A single set of string preparation rules for all

173 views • 14 slides

Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Akademska in raziskovalna mrea Slovenije Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES aaa-podpora@arnes.si Cork Institute of Technology Cork, Ireland, 19.5.2009 Kerberos Kerberos Akademska in

353 views • 16 slides

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006 Background Proposal is to define extensions to Kerberos V5 (rfc4120) to support pre-authentication using an OTP Three main aims: Allow an OTP

180 views • 14 slides

Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure

Kerberos4 1 Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure network: listen, modify secret key login session : from login to logout Version 5: more complex, not just TCP/IP, greater

98 views • 7 slides

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many Authentication ? Servers Users How do users prove their identities when requesting services from machines on the network? Nave solution:

359 views • 10 slides

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding COMP4631 L16 1 Agenda Distributed system security Introduction to Kerberos V4 Kerberos Realms Authentication with Kerberos in Windows NT 5

751 views • 30 slides

Kerberos & X.509 11

Kerberos & X.509 11 Network Security, Principles and Practice,2nd Ed. :

767 views • 51 slides

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17 1 Agenda Distributed system security Introduction to Kerberos Kerberos Version 4 Authentication Protocol Authentication with Kerberos

494 views • 28 slides

Network Security: Kerberos Guevara Noubir noubir@ccs.neu.edu Network Security Reading

Network Security: Kerberos Guevara Noubir noubir@ccs.neu.edu Network Security Reading assignment: Chapters 13-14 G. Noubir, Network Security Kerberos Outline Kerberos V4 Kerberos V5 G. Noubir, Network Security Kerberos 2 What is

1.16k views • 9 slides

Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions

Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions Principal Names are not remapped in cross-realm The destination KDC is not involved in cross-realm Privacy of principal names 1 Why Remap

534 views • 19 slides

Todays Objec2ves Kerberos Peer To Peer Overlay Networks Final Projects Nov 27,

11/27/17 Todays Objec2ves Kerberos Peer To Peer Overlay Networks Final Projects Nov 27, 2017 Sprenkle - CSCI325 1 Kerberos Trusted third party, runs by default on port 88 Security objects: Ticket: token, verifying

407 views • 30 slides

GNU/Hurd AKA Extensibility from the Ground Samuel Thibault 2011 August 26th 1 <marcus>

GNU/Hurd AKA Extensibility from the Ground Samuel Thibault 2011 August 26th 1 <marcus> Jeroen: you are a Hurd developer. Being insane is part of the public image. 2 It's all about freedom #0 Extensibility for the user Mount one's

326 views • 32 slides

Kerberos Nicolas Gren` eche Centre de Ressources Informatique (CRI) - Universit e dOrl

Kerberos Nicolas Gren` eche Centre de Ressources Informatique (CRI) - Universit e dOrl eans Projet SDS - LIFO et ENSI de Bourges nicolas.greneche@univ-orleans.fr 11/07/2011 Sommaire Pourquoi Kerberos ? 1 Les acteurs 2 Le

497 views • 22 slides

RD50-MPW3: Slow Control Jos e Mazorra de Cos, Ricardo Marco Hern andez Instituto de F

RD50-MPW3: Slow Control Jos e Mazorra de Cos, Ricardo Marco Hern andez Instituto de F sica Corpuscular (CSIC-UV) RD50 CMOS design Meeting - 3 rd September 2020 Slow Control I 2 C slave and register bank communicated using Wishbone

341 views • 7 slides

The Shiny New I2C Slave Framework Wolfram Sang Consultant/Renesas Kernel Team 6.10.2015, ELCE15

The Shiny New I2C Slave Framework Wolfram Sang Consultant/Renesas Kernel Team 6.10.2015, ELCE15 Wolfram Sang (wsa@the-dreams.de) The Shiny New I2C Slave Framework 6.10.2015, ELCE15 1 / 26 A typical I2C bus 1 6.10.2015, ELCE15 The Shiny

975 views • 26 slides

CSCI2952-F Microservices.. Day 2: Background Continued Outline Containers Versus VMs

CSCI2952-F Microservices.. Day 2: Background Continued Outline Containers Versus VMs Service Mesh Design Patterns API Gateway Motivation Architecture eBPF YAML

483 views • 23 slides

$TITLE:M10-5.GMS CALIBRATION EXERCISE, FROM SHEET IO-2, M10-IOTABLE.XLS *CALIBRATES MODEL TO

C:\jim\COURSES\8858\code-bk 2012\M10-5.gms Friday, March 30, 2012 2:07:35 AM Page 1 $TITLE:M10-5.GMS CALIBRATION EXERCISE, FROM SHEET IO-2, M10-IOTABLE.XLS *CALIBRATES MODEL TO SHEET IO-2 IN M10-IOTABLE.XLS *assumes 10% of factors are sector

189 views • 7 slides

The Higgs Mass in High-Scale (Remote) SUSY / String Theory Arthur Hebecker (Heidelberg) cf.

The Higgs Mass in High-Scale (Remote) SUSY / String Theory Arthur Hebecker (Heidelberg) cf. 1204.2551 and 1304.2767 with A. Knochel and T. Weigand Outline We could be stuck with just the standard model at low energies The Higgs mass value

644 views • 39 slides

Consolidating SCHAC Schema and document evolution Javi Masa javier.masa@rediris.es 7 th TF-EMC2

Consolidating SCHAC Schema and document evolution Javi Masa javier.masa@rediris.es 7 th TF-EMC2 Meeting, Mlaga Overview 1. Evolution of SCHAC document 2. 5 th TF-EMC2 Zagreb 3. 6 th TF-EMC2 Catania 4. 7 th TF-EMC2 Mlaga 5. Schema

167 views • 13 slides

The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to

The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to Access Control The Design Process The available Standards Best Practices The User object The plumbing Implementing the Schema

494 views • 47 slides

G odel, Von Neumann and the origins of theoretical computer science Alasdair Urquhart

G odel, Von Neumann and the origins of theoretical computer science Alasdair Urquhart Computability in Europe 2011 27 June 2011 Alasdair Urquhart (Computability in Europe 2011) G odel, Von Neumann and the origins of theoretical computer

357 views • 35 slides