addition of Kerberos ciphersuites in TLS

A draft for the addition of Kerberos ciphersuites was presented at the last
TLS working group meeting (draft-ietf-tls-kerb-cipher-suites-00.txt
reference implementation is available at
We would like to place this draft on the agenda for the working group
meeting in Memphis, and move that it be added to the body of the TLS draft.

To date, authentication in TLS is limited only to public key solutions.  As
a result, TLS does not fully support organizations with heterogeneous
security deployments that include authentication systems based on symmetric
Kerberos, originally developed at MIT, is based on an open standard and is
the most widely deployed symmetric key authentication system.  The draft
presented at the Dec. meeting of the IETF proposes a new option for
negotiating Kerberos authentication within the TLS framework.  This
achieves mutual authentication and the establishment of a master secret
using Kerberos credentials.  The proposed changes are minimal and, in fact,
no different from adding a new public key algorithm to the TLS framework.

Matt Hur and Ari Medvinsky

Matt Hur                       CyberSafe         1605 NW Sammamish Road, Suite 310
(206) 391-6000                 Issaquah, WA 98027-5378

Received on Monday, 3 March 1997 21:59:51 UTC