- From: Matt Hur <matt.hur@CyberSafe.COM>
- Date: Mon, 03 Mar 1997 19:02:12 -0800
- To: treese@OpenMarket.com, ietf-tls@w3.org
A draft for the addition of Kerberos ciphersuites was presented at the last
TLS working group meeting (draft-ietf-tls-kerb-cipher-suites-00.txt
reference implementation is available at ftp://nii.isi.edu/pub/ssl-krb).
We would like to place this draft on the agenda for the working group
meeting in Memphis, and move that it be added to the body of the TLS draft.
To date, authentication in TLS is limited only to public key solutions. As
a result, TLS does not fully support organizations with heterogeneous
security deployments that include authentication systems based on symmetric
cryptography.
Kerberos, originally developed at MIT, is based on an open standard and is
the most widely deployed symmetric key authentication system. The draft
presented at the Dec. meeting of the IETF proposes a new option for
negotiating Kerberos authentication within the TLS framework. This
achieves mutual authentication and the establishment of a master secret
using Kerberos credentials. The proposed changes are minimal and, in fact,
no different from adding a new public key algorithm to the TLS framework.
Regards,
Matt Hur and Ari Medvinsky
----------------------------------------------------------------
Matt Hur CyberSafe
matt.hur@cybersafe.com 1605 NW Sammamish Road, Suite 310
(206) 391-6000 Issaquah, WA 98027-5378
http://www.cybersafe.com
Received on Monday, 3 March 1997 21:59:51 UTC