Hi.

Just around the time that this document was sent to the IESG, a
discussion started surrounding the nonce text in this draft in the
Kerberos working group.
All the participants seemed to agree that the discussion was
non-blocking: if consensus on a change was not found before IETF last
call ended, then the existing text would stand.
So, I did not ask our AD to block the draft.

However, the Kerberos working group did reach a consensus on new text.
We'd like to propose to the IETF that the text in section 4.1 be
changed from:

    This nonce string MUST be as long as the longest key length of
    the symmetric key types that the KDC supports and MUST be chosen
    randomly.

to

    This nonce string MUST contain a randomly chosen component at
    least as long as the armor key length.

The KDC can then compose a nonce out of a random component and a
timestamp.

This change has already reached consensus within the working group. If
there are no objections (especially including objections from our AD)
I'll ask the authors to make this change. If there are objections then
our AD will judge consensus as usual.

Sam Hartman
Kerberos Co-chair